Digital Personal Data Protection Act, 2023 (DPDP Act)
Complete compliance guide for companies with <200 employees. Everything you need to know about DPDP Act requirements, deadlines, and penalties.
30 calendar days
N/A/violation
Up to INR 250 crore (approximately USD $30 million) per violation. Penalties range from INR 10,000 for individual duty failures to INR 250 crore for failure to protect against data breaches. The Data Protection Board determines penalties based on severity.
No threshold
$5,000 – $20,000
8-20 weeks
Mid-Market Compliance Guide
The DPDP Act was enacted in August 2023 but implementation rules are still being finalized. It applies to processing of digital personal data within India and to processing outside India if offering goods/services to Indian data principals. Companies should begin compliance planning even before rules are fully notified.
Key Requirements
- Consent-based processing with clear notice
- Significant Data Fiduciary obligations (DPO, audits, DPIA)
- Purpose limitation and data minimization
- Data breach notification to Board and affected persons
- Children's data requires verifiable parental consent
- Cross-border transfer restrictions (government-notified countries)
Consumer Rights
Business Obligations
1. Provide notice before or at the time of data collection
2. Process data only for lawful purposes with consent
3. Implement reasonable security safeguards
4. Significant Data Fiduciaries must appoint DPO and conduct DPIAs
5. Respond to data subject requests as prescribed by rules
Exemptions
- State instrumentality for national security or public order
- Processing necessary for legal obligations
- Voluntary data shared by data principal (publicly available)
- Research and statistical purposes (with conditions)
Recommended Compliance Tools
- BigID: AI-powered data intelligence for privacy and security. DPDP Act data discovery support
- TrustArc: Enterprise privacy management with built-in regulatory intelligence. DPDP Act compliance assessment
- Securiti: AI-powered data command center for privacy, security, and governance. DPDP Act compliance automation
Disclaimer: This is general information, not legal advice. Consult a qualified attorney for your specific situation. Laws and regulations may change. Last reviewed: 3/27/2026.
