Are You DPDP Ready?
We help small businesses map personal data, review vendors, tighten consent and security, and prepare for the things that go wrong.
It draws on a decade of building privacy-by-design systems, testing privacy controls and writing on privacy, data minimization, and security.
For small businesses
Built for teams running on SaaS tools, payment systems, spreadsheets, marketplaces, and outsourced vendors.
Technical and operational
Focused on systems, data flows, access, retention, security controls, and implementation. Legal counsel can be involved where needed.
Privacy by example
The free screener runs in your browser. Everything stays with you unless you choose to submit a contact request.
DPDP readiness is usually operational
Personal data moves through more systems than most teams realize.
Customer, employee, and user records spread across tools that no single person fully tracks — and getting ahead of that takes more than a privacy policy.
- Customer data is spread across websites, forms, CRMs, payment tools, WhatsApp, email, spreadsheets, and support systems.
- Privacy notices often do not match actual data flows.
- Consent is collected inconsistently or is not recorded clearly.
- Vendors process personal data without a clear inventory or contract review.
- Old data is retained because nobody owns deletion.
- There is no tested breach response process.
What we help with
A simple sequence from uncertainty to working controls.
1. Assess
Review the information, tools, vendors, and security practices that are affected by DPDP.
2. Map
Document the data you collect, where it goes, who touches it, and which systems process it.
3. Fix
Establish robust consent flows, access controls, retention rules, and breach procedures.
4. Train
Train the teams that touch data: HR, sales, customer support, delivery.
Public writing on privacy since 2015
Sushil has written about privacy, data protection, and security since 2015 — long before DPDP had a deadline.
The argument has stayed the same: collect less data, protect it better, explain its use clearly, and build security in from the start.
- The Wire, 2018: India’s proposed data protection measures and privacy concerns
- ORF Digital Policy Portal, 2017: Data minimization and saying “No, thanks” to unnecessary data
- The Wire, 2017: Startup advice on privacy and security from the start
- The Caravan, 2015: Security and privacy issues with a missing children portal
Start with the free DPDP Risk Screener
A quick self-check that shows where your business may be exposed to data protection and privacy risk. Your answers are scored in your browser and stay with you unless you ask us to contact you.
- 15 quick questions
- Plain-language questions anyone can answer
- Risk category and top themes
- Optional follow-up request
Need a deeper review?
Schedule a risk review session. We will look at your business model, systems, vendors, and data handling practices, then suggest the most sensible next step.
Schedule a risk review