What is the DPDP Act 2023?+
The Digital Personal Data Protection Act, 2023 is India's comprehensive data privacy law. It governs how organisations collect, process, store, and delete personal data of individuals in India. The Act establishes rights for data principals (individuals) and obligations for data fiduciaries (organisations).
Who needs to comply with the DPDP Act?+
Every organisation that processes digital personal data within India, or processes data of individuals in India for offering goods or services. There is no size threshold — startups, SMEs, and large enterprises all must comply with baseline obligations.
What are the DPDP compliance deadlines?+
The DPDP Rules were notified on November 14, 2025, with a three-phase rollout. Consent manager provisions take effect November 14, 2026. Full substantive compliance — including consent, breach notification, data principal rights, and erasure — is required by May 14, 2027.
What penalties does the DPDP Act impose?+
Penalties range up to Rs 250 crore per breach. Failure to implement reasonable security safeguards carries the maximum penalty of Rs 250 crore. Failure to notify breaches: Rs 200 crore. Children's data violations: Rs 200 crore. These are per-breach, not annual caps.
What is a Data Fiduciary under the DPDP Act?+
A Data Fiduciary is any person or organisation that determines the purpose and means of processing personal data — essentially, any company that decides why and how personal data is collected and used. If your organisation collects customer, employee, or user data, you are a Data Fiduciary.
How long does DPDP compliance take?+
Most organisations need 9-12 months for full implementation, depending on their current maturity. This includes data mapping, consent infrastructure, deletion capabilities, breach response procedures, and vendor contract updates. Starting sooner reduces risk and cost.
Is this assessment free?+
Yes, completely free. You can complete the assessment and see your readiness score, category breakdown, and top recommendations without providing any personal information. An optional email capture lets you download a detailed PDF report.
What happens to my assessment data?+
Your answers are used solely to calculate your readiness score on this page. If you provide your email for the PDF report, we store your email and scores to deliver the report. We do not share your data with third parties or use it for purposes beyond delivering your assessment results.
Is this a DPDP readiness test, a readiness check, or a full assessment?+
They are the same thing. This free DPDP readiness assessment, sometimes called a readiness test, readiness check, or self-assessment, uses 15 weighted questions to gauge how prepared your organisation is for the DPDP Act 2023. You get an instant score and a gap breakdown without signing up.
What is on a DPDP readiness checklist?+
A practical DPDP compliance checklist covers consent and notice, a Record of Processing Activities (RoPA), data principal rights and grievance handling, breach detection and notification, security safeguards, data retention and erasure, children's data, and vendor and processor contracts. This assessment scores you against each area and turns the gaps into a prioritised checklist.
What are the main DPDP compliance requirements?+
Core DPDP requirements include obtaining valid consent with a clear notice, processing data only for the stated purpose, honouring data principal rights such as access, correction, erasure, and grievance redressal, notifying the Data Protection Board and affected individuals of breaches, implementing reasonable security safeguards, and deleting data once its purpose is served. Significant Data Fiduciaries have extra duties such as appointing a DPO and undergoing annual audits.