India's data-protection law,made practical.
India's Digital Personal Data Protection Act, made practical. Understand your obligations, measure your readiness, and put compliant consent and signing workflows in place — all in one place.
- ₹250cr
- Max penalty per instance
- 7
- Data Principal rights
- 2023
- Year enacted
Are you DPDP-ready?
Answer five quick questions and get an instant, scored read on your compliance posture — across consent, notice, Data Principal rights, grievance redressal, and breach reporting.
- Instant score across 5 core DPDP obligations
- 100% private — nothing leaves your browser
- Links straight to the full section-by-section assessment
60-second readiness check
Answer 5 questions — no data leaves your browser.
1.Do you capture free, specific, informed consent before processing personal data?
DPDP §6 — consent must be unambiguous and revocable.
2.Do you give users a clear notice describing what data you collect and why?
DPDP §5 — itemised notice, in plain language.
3.Can a user request access, correction, or erasure of their data?
DPDP §11–13 — Data Principal rights.
4.Is there a published grievance-redressal contact (DPO / point of contact)?
DPDP §8(10) — readily available grievance mechanism.
5.Do you have a documented process to report personal-data breaches?
DPDP §8(6) — notify the Board and affected principals.
Learn it, assess it, then act on it
Most DPDP resources stop at explanation. This hub takes you from understanding the law to measuring your gaps to operationalising compliance.
Plain-English guides
Cut through the legalese. Clear explainers on consent, notices, Data Principal rights, breach reporting, and timelines — written for operators, not lawyers.
Browse guides→AssessInteractive tools
A full readiness assessment and a penalty calculator that turn the Act into a concrete, scored picture of where you stand and what to fix first.
Run the assessment→ActCompliance-ready signing
Consent capture, audit trails, and tamper-evident records — operationalise DPDP obligations with Certinal's enterprise eSignature and e-consent platform.
See how it works→DPDP, answered
The questions teams ask most when they start their DPDP journey.
What is the DPDP Act, 2023?
The Digital Personal Data Protection Act, 2023 is India's first comprehensive data-protection law. It governs how organisations (Data Fiduciaries) collect, process, and protect the personal data of individuals (Data Principals), and sets out consent requirements, individual rights, and penalties for non-compliance.
Who needs to comply with the DPDP Act?
Any organisation that processes the digital personal data of individuals in India — whether collected online or digitised offline — must comply. This applies to companies inside India and, in many cases, to foreign companies offering goods or services to people in India.
What are the penalties under the DPDP Act?
Penalties are set by the Data Protection Board and can reach ₹250 crore per instance for failure to take reasonable security safeguards, with other breaches carrying penalties up to ₹200 crore. Use our penalty calculator to estimate your exposure.
How is consent handled under the DPDP Act?
Consent must be free, specific, informed, unconditional, and unambiguous, with a clear affirmative action. Data Principals can withdraw consent as easily as they gave it, and organisations must honour withdrawal promptly.
Turn DPDP obligations into working consent and signing flows
See how Certinal helps enterprises capture compliant consent, maintain tamper-evident audit trails, and stay DPDP-ready at scale.