India's New Era of
Data Privacy.
The Digital Personal Data Protection Act is now law. We help Data Fiduciaries navigate consent architectures, grievance redressal, and board reporting to avoid penalties.
Are You a Data Fiduciary ?
The DPDP Act replaces generic privacy rules with strict obligations for any entity determining the purpose of processing. This includes almost every business in India handling customer or employee digital data.
High-Stakes Compliance
Unlike previous laws, the DPDP Act empowers the Data Protection Board to levy penalties up to ₹250 Crores per instance.
Notice & Consent
You must provide a clear itemized notice in English and 22 scheduled languages before seeking consent.
Significant Data Fiduciaries
Entities handling high volumes or sensitive data must appoint a Data Protection Officer (DPO) and conduct periodic audits.
Grievance Redressal
Mandatory mechanism to respond to Data Principal queries within a prescribed timeline before they approach the Board.
Rights of the Data Principal
Your systems must be architected to handle these requests efficiently.
Right to Access
Know what data is being processed and the identities of all Data Processors.
Right to Correction
Request correction of misleading or update of incomplete personal data.
Right to Erasure
Demand deletion of data when the purpose is served or consent is withdrawn.
Right to Grievance
Redressal of grievances by the Fiduciary within a set timeframe.
Right to Nominate
Nominate an individual to exercise rights in case of death or incapacity.
The Cost of Denial
Failing to implement safeguards to protect personal data can lead to penalties up to:
per instance of breach
The Compliance Roadmap
A structured journey from data mapping to board reporting, ensuring full compliance.
Data Mapping
Identify all personal data sets and classify them.
Consent Architecture
Deploy Consent Managers and multi-lingual notices.
Vendor Contracts
Update contracts with all Data Processors to ensure liability flow.
Tech Controls
Implement encryption, access control, and breach detection.
DPO Appointment
Appoint a nodal contact person or DPO for compliance.
Board Reporting
Establish periodic reporting to the Board regarding privacy risks.
Is Your Business DPDP Ready?
Get a comprehensive Gap Assessment to understand your exposure to the new Indian privacy regulations.