Blog & updates
DPDP, in plain English.
News, deadline reminders and guides for Indian website owners working through the DPDP Act.
- Guide
DPDP penalties decoded — what ₹250 crore really means and who pays
Headlines say 'up to ₹250 crore per default'. Schedule 1 of the DPDP Act is more nuanced: penalty bands per breach type, mitigating factors that the Board must consider, and per-event aggregation rules. Here's the actual math.
- Guide
Section 8 security safeguards — the minimum stack every Indian website needs
Section 8(5) is the DPDP clause with the biggest penalty band — ₹250 crore. Most enforcement risk for SMBs sits here, not in consent. Here is the minimum security stack — HTTPS, password hygiene, backup hygiene, vendor hygiene — that puts you in a defensible posture for the cost of a coffee.
- Guide
Cross-border data transfers under DPDP — what the negative list approach means for your stack
DPDP took the opposite path from GDPR — instead of approving destinations, it blocks specific ones. The Rules promise a notified 'negative list' of restricted countries. Here's what to do while waiting for that list, and how to keep your AWS / GCP / OpenAI stack legal.
- Guide
From scan to secure — what to do with each red flag the checkDPDP scanner shows
You ran the scanner. Some categories came back Fail or Warning. Now what? This is the playbook — Fail by Fail — for closing the gaps the scanner finds, with time estimates, the right free tool from the checkDPDP stack, and when to escalate to a paid consultant instead.
- Guide
Verifiable parental consent: how to handle children's data under the DPDP Act
The DPDP Act puts children under 18 in a special category — verifiable parental consent, no tracking, no targeted ads. The Rules give a phased rollout, but the engineering work is harder than people expect. Here's what 'verifiable' actually means.
- Guide
Are you a Significant Data Fiduciary? What the SDF designation actually means
MeitY can designate any Data Fiduciary as 'Significant' — and the obligations that follow (DPIA, India-resident DPO, periodic audit) change your compliance budget by an order of magnitude. Here's how to tell if you're at risk and what to do today.