21 Jan 2026 · 8 min read
Most 'privacy policies' on Indian websites fail the DPDP consent-notice test. Not because they are short, but because they are vague: generic categories of data, generic purposes, no named Grievance Officer.
Section 5 of the DPDP Act asks for specificity. The notice has to be itemised, in plain language, and updated whenever you change purposes. We walk you through each required element and link to a generator that produces a checked notice.
Note. Guidance, not legal advice. For specific compliance decisions, please consult a qualified data-protection lawyer.