India · Digital Personal Data Protection Act, 2023

DPDP compliance, ready before the rules notify.

Notice + consent flows, principal rights workflows, breach reporting timers, and significant data fiduciary controls — wired into the same control library auditors already see.

Data principal rights · §11–§14

Four statutory rights, instrumented

Every right has an SLA, an owner, and a paper trail. The Data Protection Board sees evidence on demand.

§11

Right to access

Confirmation, summary of processing, contact info of fiduciary

§12

Right to correction & erasure

Update, complete, correct, or erase personal data

§13

Right to grievance

Readily available redressal mechanism

§14

Right to nominate

Nominate another principal in event of death/incapacity

Fiduciary obligations

Six chapters of the Act, mapped to controls

S.5

Notice & purpose

Itemized notice in plain language; clear stated purpose

S.6

Consent management

Free, specific, informed, unconditional, unambiguous

S.7

Legitimate uses

Defined non-consent grounds with documented justification

S.8

Security safeguards

Reasonable security to prevent breach; defined audit cadence

S.9

Children & disabled

Verifiable parental consent; no behavioural tracking

S.10

Significant fiduciary

DPO appointment, audit, DPIA at notification thresholds

DSAR — 30-day SLA

From intake to fulfilment, on the clock

Every stage is owned, timed, and exportable to the Data Protection Board if challenged.

D+0 · Intake · Verified identity, scope confirmed
D+3 · Triage · Routed to data fiduciary teams; verification complete
D+15 · Collation · Records compiled across systems and processors
D+25 · Review · Legal review, redaction, exception handling
D+30 · Fulfil · Response delivered; grievance mechanism documented

Penalties · Schedule 1

Up to ₹250 crore per contravention

Quantified penalties make the cost of inaction concrete. The DPB has issuance authority — and the rules implement Schedule 1 directly.

Cumulative cap: Up to ₹500 crore in aggregate for repeat or compound contraventions across a single fiduciary.
  • Failure to safeguard data: ₹250 cr
  • Failure to notify breach: ₹200 cr
  • Children & disabled obligations breach: ₹200 cr
  • SDF additional obligations breach: ₹150 cr
  • Other contraventions: ₹50 cr

DPDP — operating model, not paperwork

Run notice, consent, rights, and breach reporting from the same platform your security team uses.