Vratex Insights

Compliance Insights

Analysis, guidance, and regulatory updates for India's compliance leaders.

Data Protection

What Is a RoPA? Records of Processing Activities Under the DPDP Act

RoPA meaning under India's DPDP Act: why the law never names it but makes it impossible to comply without one, what fields to capture, and how to build it.

1 Jul 20266 min
Data Protection

Data Protection Officer (DPO) in India: Do You Need One?

No Indian company is legally required to appoint a DPO until SDFs are notified. Three operational signs you need one now, and how to hire.

19 Jun 202611 min
DPDP Act

DPDP Compliance Software for Indian Enterprises

What DPDP compliance actually requires, how compliance software maps to each obligation, and how to choose a platform that lasts to 13 May 2027.

18 Jun 20266 min
GRC

GRC in Cybersecurity: How Governance, Risk and Compliance Actually Works

GRC in cybersecurity explained: what it means, the five-stage cyber GRC loop, how it maps to ISO 27001 and NIST, GRC vs SOC, and what a GRC analyst does.

16 Jun 20265 min
DPDP Act

Privacy Policy Under the DPDP Act: What Indian Businesses Must Include

Does the DPDP Act require a privacy policy? What your privacy notice must include under Section 5 and Rule 3, the 22-language rule, and how to write one.

16 Jun 20266 min
GRC

What Is GRC? Governance, Risk and Compliance Explained for Indian Businesses

GRC means governance, risk and compliance run as one system. What GRC is, the three pillars in plain English, and how it works for Indian businesses.

16 Jun 20266 min
Data Protection

What Is Personal Data Under the DPDP Act? Definition, Examples & Who's Who

What counts as personal data under India's DPDP Act 2023 — clear examples, the data principal, fiduciary and processor roles, and the sensitive-data myth.

16 Jun 20267 min
Data Protection

What Is a DPIA? Data Protection Impact Assessments Under the DPDP Act

DPIA meaning, who must conduct one under India's DPDP Act, how the annual Rule 13 obligation works, and a 7-step process you can run this quarter.

11 Jun 20265 min
ISO 27001

ISO 27001 Audit Checklist: What Auditors Ask For at Every Stage

A practical ISO 27001 audit checklist: internal audit, Stage 1, Stage 2, and surveillance. What auditors request, clause by clause, and common nonconformities.

11 Jun 20264 min
ISO 27001

ISO 27001 Controls Explained: The 93 Annex A Controls (2022)

How the 93 ISO 27001:2022 Annex A controls work: the 4 themes, what changed from the 114 controls in 14 domains, the 11 new controls, and how the SoA works.

11 Jun 20264 min
DPDP Act

DPDP Act for Fintech Companies in India: What RBI-Regulated Firms Must Know

How RBI-regulated fintechs meet DPDP Act 2023 alongside RBI rules: consent, data localisation, retention conflicts & the 2027 deadline. Get audit-ready.

9 Jun 202610 min
DPDP Act

Data Breach Notification Under the DPDP Act: A Step-by-Step Guide for CISOs

The DPDP Act's breach rules explained for CISOs: the 72-hour clock, CERT-In's 6-hour overlap, what to report, and a step-by-step response playbook.

9 Jun 20269 min
DPDP Act

DPDP Act Penalties: What Non-Compliance Actually Costs

Every penalty under the DPDP Act 2023 explained: amounts, triggers, the 7 factors the Board weighs, blocking orders, and why ₹250 crore is not the ceiling.

4 Jun 20266 min
Data Protection

DPDP Act vs GDPR: 12 Differences That Change Your Compliance Strategy

A practical comparison of India's DPDP Act 2023 and the EU's GDPR: where they align, where they diverge, and what it means for your compliance programme.

4 Jun 20266 min
DPDP Act

DPDP Act Compliance: What Indian Companies Must Do Before 13 May 2027

DPDP compliance for Indian companies: every DPDP Act 2023 and DPDP Rules 2025 obligation, the exact phase deadlines, penalties, and a priority roadmap.

3 Jun 20267 min