Full Enforcement: 13 May 2027

Is Your Organisation Ready for DPDPA 2023?

A scholarly compliance platform for India's Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025.Designed for Data Fiduciaries across all sectors — startups, SMEs, and enterprises alike.

THE ARCHITECTURE OF TRUST.

THE SCIENCE OF COMPLIANCE.

Privacy is not negotiable. It is fundamental.

Data you do not collect cannot be breached.

Trust is earned in drops, lost in buckets.

Consent means choice. Not fine print.

Every data point is a promise to protect.

Privacy by design is not optional. It is inevitable.

The best data strategy: Collect less. Protect more.

🏢

Startups

Foundational compliance obligations under Section 4

🏭

SMEs

Proportionate measures for medium scale Data Fiduciaries

🏛️

Enterprises

SDF obligations, DPO appointment, DPIA requirements

An Academic Initiative of
A
AMLEGALS
Initiate DiagnosticExplore Standards
HealthcareFintechE-CommerceEdTech
34-Point Diagnostic
10 White Papers
3 Phase Certification
Zero Data Collection

What is DPDPA 2023?

The Digital Personal Data Protection Act, 2023 is India's principal legislation governing the processing of personal data in digital form. Enacted on 11 August 2023, it establishes a comprehensive framework of rights for Data Principals and obligations for Data Fiduciaries, with penalties of up to ₹250 crore for non-compliance. The DPDP Rules, 2025, notified on 13 November 2025, prescribe the procedural requirements. Full enforcement commences on 13 May 2027.

PENALTY SCHEDULE — SCHEDULE OF THE ACT (SECTION 33)

₹250 Cr

Failure to implement reasonable security safeguards

₹200 Cr

Non-fulfilment of obligations regarding children's data

₹150 Cr

Breach of Data Principal's rights obligations

₹50 Cr

Non-compliance with additional obligations of Data Fiduciaries

Implementation Roadmap

A 12-phase procedural framework for systematic compliance. From consent architecture to breach response protocols.

RULE 3 & 4 PROTOCOLS

Global Standards. Comparative Analysis.

25 structural protocols for Data Fiduciaries. DPDPA mapped against GDPR, CCPA, and ISO 27701 frameworks.

ISO 27701 ALIGNEDDPDPA 2023 NATIVE
RESEARCH PAPERS
The Geopolitics of the Blacklist: A 2025 Study
Automated Processing Accountability under DPDPA
Practical Compliance: Strategies for SMEs and Startups
EXPLORE ALL 10 PAPERS →
34

Compliance Diagnostic

34-question assessment framework. Evaluate your organisation's preparedness against statutory requirements.

ASSESSMENT READY

Executive FAQ Vault

Authoritative answers to 50+ critical DPDPA 2023 technical queries. Updated for the May 13, 2027 enforcement date.

"Clarity on the architecture of compliance."

Essential Compliance Obligations for SMEs and Startups

Five preliminary steps every organisation must undertake before 13 May 2027

01

Map Data Flows

Identify all personal data processing activities under Section 2(x)

02

Establish Consent

Implement valid consent mechanisms per Section 6 and Rule 4

03

Draft Privacy Notice

Prepare itemised notice with all mandatory particulars under Section 5

04

Breach Response Plan

Institute 72-hour notification protocol per Section 8(6) and Rule 7

05

Grievance Mechanism

Designate a point of contact for Data Principal rights under Section 13