Is Your Business Ready for DPDP?
India's Digital Personal Data Protection (DPDP) Act of 2023 is set to be enforced starting 13 May 2027. Are your data processing systems and policies compliant?
Fines can run as high as Rs250 crore for serious violations. We help small businesses map personal data, review vendors, tighten consent and security, and prepare for unexpected data breaches.
For small businesses
Built for teams running on SaaS tools, payment systems, spreadsheets, marketplaces, and outsourced vendors.
Technical and operational
Focused on systems, data flows, access, retention, security controls, and implementation. Legal counsel can be involved where needed.
Privacy by example
The free screener runs in your browser. Everything stays with you unless you choose to submit a contact request.
DPDP readiness is usually operational
Personal data moves through more systems than most teams realize.
Customer, employee, and user records spread across tools that no single person fully tracks — and getting ahead of that takes more than a privacy policy.
- Customer data is spread across websites, forms, CRMs, payment tools, WhatsApp, email, spreadsheets, and support systems.
- Privacy notices often do not match actual data flows.
- Consent is collected inconsistently or is not recorded clearly.
- Vendors process personal data without a clear inventory or contract review.
- Old data is retained because nobody owns deletion.
- There is no tested breach response process.
What we help with
A simple sequence from uncertainty to working controls.
1. Catalog Data
Identify what personal data is collected, how it is stored, and how and with whom it is shared.
2. Review Usage
Examine for what purpose the data is used, whether consent was obtained.
3. Data Lifecycle
Chart what happens to data when users request changes or stop using the service and employees leave.
4. Identify Gaps
Compare current practices with the requirements and identify risks and areas needing correction.
5. Plan Next Steps
Present findings, suggest remediations and discuss what changes to make, what support is needed, and whether training is required.
Public writing on privacy since 2015
Sushil has written about privacy, data protection, and security since 2015 — long before DPDP had a deadline.
The argument has stayed the same: collect less data, protect it better, explain its use clearly, and build security in from the start.
- The Wire, 2018: India’s proposed data protection measures and privacy concerns
- ORF Digital Policy Portal, 2017: Data minimization and saying “No, thanks” to unnecessary data
- The Wire, 2017: Startup advice on privacy and security from the start
- The Caravan, 2015: Security and privacy issues with a missing children portal
Start with the free DPDP Risk Screener
A quick self-check that shows where your business may be exposed to data protection and privacy risk. Your answers are scored in your browser and stay with you unless you ask us to contact you.
- 15 quick questions
- Plain-language questions anyone can answer
- Risk category and top themes
- Optional follow-up request
Need a deeper review?
Schedule a risk review session. We will look at your business model, systems, vendors, and data handling practices, then suggest the most sensible next step.
Schedule a risk review