DPDPA Phase II enforcement 13 November 2026 — penalties up to ₹250 crore. Check your readiness →
Book a Demo
DPDPA Guide

Understand the DPDP Act 2023, end to end.

Plain-language explainers covering everything from the basics to penalties, obligations, consent and the full compliance checklist — written for Indian businesses.

Free readiness assessment
9 min read

What is the DPDPA? India’s Digital Personal Data Protection Act, 2023 Explained

The DPDPA is India’s Digital Personal Data Protection Act, 2023 — the country’s first comprehensive data protection law. It governs how organisations process the digital personal data of individuals in India, gives individuals enforceable rights over their data, and allows penalties of up to ₹250 crore for non-compliance.

Read the guide
8 min read

DPDPA Penalties: How Much Can DPDPA Non-Compliance Cost?

DPDPA penalties are civil financial penalties imposed by the Data Protection Board of India, scaling up to ₹250 crore for failing to take reasonable security safeguards to prevent a data breach. Fines are assessed per instance based on the nature, gravity, duration and impact of the violation.

Read the guide
10 min read

Data Fiduciary Obligations Under the DPDPA: A Complete Guide

A Data Fiduciary must process personal data only for the consented or lawful purpose, keep it accurate, apply reasonable security safeguards, notify breaches to the Board and affected individuals, erase data when no longer needed, publish a contact for queries, and run a grievance mechanism (Section 8). It stays accountable even when a Data Processor handles the data.

Read the guide
10 min read

Consent Management Under the DPDPA: How to Build a Compliant Consent Flow

Under the DPDPA, you must serve an itemised, plain-language notice (Section 5), then obtain consent that is free, specific, informed, unconditional and unambiguous through clear affirmative action (Section 6). Consent must be limited to necessary data, granular per purpose, easy to withdraw, logged for proof, and refreshed on any material change of purpose.

Read the guide
9 min read

Significant Data Fiduciary (SDF): Extra DPDPA Obligations Explained

A Significant Data Fiduciary (SDF) is a Data Fiduciary notified by the Central Government under Section 10 of the DPDPA, based on factors like data volume, sensitivity and risk. An SDF carries extra duties: appoint an India-based DPO, appoint an independent data auditor, and conduct periodic Data Protection Impact Assessments and audits.

Read the guide
11 min read

DPDPA Compliance Checklist: A Step-by-Step Guide for 2025

A DPDPA compliance checklist covers building a data inventory, fixing a lawful basis, issuing Section 5 consent notices, enabling easy consent withdrawal, honouring Data Principal rights, securing data under Section 8(5), running a breach-response plan, governing vendors with DPAs, and meeting children’s-data and SDF duties.

Read the guide
10 min read

DPDPA vs GDPR: Key Differences for Indian Businesses

The DPDPA is India’s data law and the GDPR is the EU’s. Both protect personal data and grant individual rights, but the DPDPA is shorter, has no separate “sensitive data” category, treats anyone under 18 as a child, uses a negative-list for cross-border transfers, and caps penalties at ₹250 crore.

Read the guide

Get DPDPA-ready before the enforcement window closes.

Start with a free readiness assessment, or book a demo of the Data Adhikaar agent fabric.

Book a DemoFree Readiness Assessment
Or call +91 98226 28174