Skip to content
checkDPDP

Free risk calculator · No signup

Free DPDP Act risk calculator for India — score in 60 seconds

The free DPDP risk calculator for Indian websites and businesses. Answer 10 quick questions about your org, the data you process and the controls you already have — get an instant 0–100 risk score against the DPDP Act 2023 + Rules 2025, your ₹50–250 crore penalty exposure band, Significant Data Fiduciary likelihood and a prioritised fix list. Runs entirely in your browser. No signup. No site URL needed. Nothing stored.

1. Your organisation size
2. Primary industry
3. Indian Data Principals processed
4. Data sensitivity & flows
5. Controls already in place
Controls in place0 of 9

Every control you tick reduces your score and shows the corresponding gap as resolved.

No data leaves your browser — the score is computed locally; the share link only encodes the three top-level chips.

Why this calculator

The free, India-first DPDP risk tool — no sales call, no signup, no PII

Most DPDP risk tools sit behind a five-figure annual contract and a sales call. This one gives you the same headline answer in 60 seconds, free, with transparent weights you can audit.

100% free, forever

No paywall, no signup, no email. The calculator is part of our free tooling alongside the scanner and banner builder.

Runs in your browser

Scoring is computed locally in JavaScript. We do not send your answers to a server — nothing leaves your device.

India-first, not GDPR re-skin

Built around the published text of the DPDP Act 2023 and Rules 2025 — Section 6 withdraw flow, Section 8 security, Section 9 children, Section 10 SDF, Section 16 transfers, Schedule 1 penalty bands.

Transparent weights

Every input adds a specific delta to your score. Open the breakdown panel to see why your score moved when you toggled an answer.

Prioritised fix list

Gaps are sorted by how much they add to your score — close the biggest first. Each fix links to a free guide or tool.

Shareable & downloadable

One-click copy share-link encodes your top three answers, or download a text summary to email your team or board.

How it works

From 10 chips to a defensible DPDP risk read-out

A small number of high-signal inputs map to a score, a band, a Significant Data Fiduciary likelihood and a prioritised fix list — all derived deterministically from the Act and Rules.

  1. Step 01

    Pick your profile

    Tap chips for organisation size, industry and Indian Data Principal volume. No free-text required.

  2. Step 02

    Flag your data flows

    Toggle cross-border, children's data, sensitive (financial / health / biometric) and marketing trackers.

  3. Step 03

    Tick controls in place

    Nine control toggles — banner, notice, withdraw flow, Grievance Officer, breach playbook, DPIA, vendor inventory, security audit, India residency.

  4. Step 04

    Read your score

    A 0–100 risk score updates live, mapped to one of five bands — Strong, Low, Medium, High, Critical.

  5. Step 05

    See your penalty band

    Schedule 1 maps your score to a maximum exposure — ₹50 cr to ₹250 cr per failure.

  6. Step 06

    Close the top gaps

    Open the suggested fix for each gap — banner builder, consent notice, breach template, security baseline.

Who it is for

Built for every Indian business under the DPDP Act

Indian SMBs & D2C founders

A 60-second baseline before you write a single line of policy. Sequence your weekend sprint by closing the top gaps first.

Startup CTOs & engineering leads

See which technical controls move the needle (banner, withdraw flow, security headers) and which need a programme (DPIA, vendor DPAs).

Privacy & compliance teams

Take a snapshot every quarter, share the URL with the board, and track gap-closure delta over time.

Investors & due-diligence teams

A defensible read on a portfolio company's DPDP posture without commissioning a paid audit.

Agencies & consultants

Walk a prospect through the calculator on a sales call — convert the conversation from 'what is DPDP' to 'here are your three biggest gaps'.

Anyone curious about DPDP

No URL, no PII. Plug in a hypothetical org profile to learn how the Act’s weights actually work.

Questions, answered

DPDP risk calculator — FAQ

Is the DPDP risk calculator really free?

Yes, 100 % free. No signup, no credit card, no email collected. The calculation runs entirely in your browser — nothing is sent to a server, so no personal or business data leaves your device.

What does the DPDP risk score actually mean?

A 0–100 score where higher means higher compliance risk under the Digital Personal Data Protection Act 2023 and Rules 2025. The score is mapped to one of five bands — Strong, Low, Medium, High, Critical — each tied to a Schedule 1 penalty band (₹50 cr, ₹150 cr, ₹200 cr or ₹250 cr per failure).

How is this different from other DPDP tools?

Most commercial DPDP tools (Tsaaro, Sprinto, Securiti, OneTrust) require a sales call and start at five-figure annual contracts. This calculator gives you the same headline answer — risk band, penalty exposure, SDF likelihood, prioritised gap list — in 60 seconds, free, with transparent weights you can audit. It is built specifically for the Indian DPDP context, not a re-skinned GDPR tool.

What inputs does the calculator need?

Ten low-effort questions: organisation size, primary industry, Indian Data Principal count, four sensitivity / data-flow toggles (cross-border, children, sensitive, marketing trackers) and nine control toggles (consent banner, privacy notice, withdraw flow, Grievance Officer, breach playbook, DPIA, vendor inventory, security audit, India residency). No URL required, no PII required.

What is a Significant Data Fiduciary (SDF) and why does the calculator predict it?

Section 10 of the DPDP Act lets the Central Government designate any Data Fiduciary as Significant — triggering DPO, DPIA, audit and reporting obligations. The calculator estimates your SDF likelihood (Unlikely / Possible / Likely) from user volume, industry and data sensitivity, using the open-ended factors MeitY has signalled.

Can I trust the penalty exposure number?

It is a band, not a precise rupee figure. The DPDP Act's Schedule 1 sets caps (up to ₹250 cr for Section 8 security failures, ₹200 cr for breach and children's data, ₹150 cr for SDF duties, ₹50 cr for residual obligations). The calculator maps your score to the most likely band given your worst exposure — the Data Protection Board sets the actual number under Section 33(2) mitigating factors.

When is the DPDP compliance deadline?

The DPDP Rules 2025 were notified on 13–14 November 2025 with an 18-month phased rollout. Full compliance is required by 13 May 2027. The calculator helps you sequence which gaps to close first inside that window.

Does the calculator give legal advice?

No. It is a self-assessment tool grounded in the published text of the DPDP Act 2023 and Rules 2025. For specific compliance decisions — especially if you are flagged as a likely Significant Data Fiduciary — engage a qualified Indian data-protection lawyer or DPO firm.

Keep going

Other free DPDP tools and plain-English guides

Free DPDP Website Scanner

Paste a URL and get a category-by-category Pass / Warning / Fail scorecard.

Open

Free DPDP Banner Builder

Generate a DPDP-aligned consent banner with one-line embed and verifiable consent log.

Open

DPDP Compliance Checklist

Interactive checklist mapped to the DPDP Act sections and Rules 2025.

Open

India CMP Comparison

Vendor-neutral comparison of India-headquartered consent managers and DPO firms.

Open

DPDP Act Plain-English Guide

Section-by-section walk-through with citations to the Act and Rules.

Open

DPDP Penalties Decoded

What ₹250 crore really means — and how the Data Protection Board picks the actual number.

Open