Free — No signup required

Free DPDP Readiness Assessment
for Indian Businesses

Find out where your organisation stands on DPDP Act compliance. Answer 15 questions, get an instant score and a prioritised remediation roadmap.

Not sure if DPDP applies to you? Check first

Takes about 3 minutes

What This Assessment Covers

Data Visibility

Can you locate, classify, and map all personal data across your systems?

Sections 8(3), 11

Consent & Legal Basis

Do you collect, record, and honour consent as the Act requires?

Sections 4, 5, 6, 7

Security Safeguards

Are reasonable technical safeguards protecting personal data?

Section 8(5)

Retention & Deletion

Can you erase data when the purpose is fulfilled or consent is withdrawn?

Sections 8(7), 12

Incident Response & Governance

Do you have the people, processes, and plans for breach response and accountability?

Sections 8(6), 10, 13

DPDP Act 2023 Aligned

Every question maps to specific DPDP Act sections. Scored by compliance weight.

How It Works

Take the Assessment

Answer 15 questions about your data practices, consent, security, and governance.

Get Your Score

See your overall readiness score and category breakdown instantly — no email required.

See Your Roadmap

Get prioritised action items with DPDP Act references and a downloadable PDF report.

Frequently Asked Questions About DPDP Compliance

What is the DPDP Act 2023?+
The Digital Personal Data Protection Act, 2023 is India's comprehensive data privacy law. It governs how organisations collect, process, store, and delete personal data of individuals in India. The Act establishes rights for data principals (individuals) and obligations for data fiduciaries (organisations).
Who needs to comply with the DPDP Act?+
Every organisation that processes digital personal data within India, or processes data of individuals in India for offering goods or services. There is no size threshold — startups, SMEs, and large enterprises all must comply with baseline obligations.
What are the DPDP compliance deadlines?+
The DPDP Rules were notified on November 14, 2025, with a three-phase rollout. Consent manager provisions take effect November 14, 2026. Full substantive compliance — including consent, breach notification, data principal rights, and erasure — is required by May 14, 2027.
What penalties does the DPDP Act impose?+
Penalties range up to Rs 250 crore per breach. Failure to implement reasonable security safeguards carries the maximum penalty of Rs 250 crore. Failure to notify breaches: Rs 200 crore. Children's data violations: Rs 200 crore. These are per-breach, not annual caps.
What is a Data Fiduciary under the DPDP Act?+
A Data Fiduciary is any person or organisation that determines the purpose and means of processing personal data — essentially, any company that decides why and how personal data is collected and used. If your organisation collects customer, employee, or user data, you are a Data Fiduciary.
How long does DPDP compliance take?+
Most organisations need 9-12 months for full implementation, depending on their current maturity. This includes data mapping, consent infrastructure, deletion capabilities, breach response procedures, and vendor contract updates. Starting sooner reduces risk and cost.
Is this assessment free?+
Yes, completely free. You can complete the assessment and see your readiness score, category breakdown, and top recommendations without providing any personal information. An optional email capture lets you download a detailed PDF report.
What happens to my assessment data?+
Your answers are used solely to calculate your readiness score on this page. If you provide your email for the PDF report, we store your email and scores to deliver the report. We do not share your data with third parties or use it for purposes beyond delivering your assessment results.

Start Building Your DPDP Compliance Programme

Vratex is India's GRC platform built for DPDP Act and ISO 27001 compliance. Risk register, audit checklists, AI gap analysis — all in one place.

Learn more about Vratex