Free Template

DPDP Act 2023 Compliance Checklist for Indian Businesses — Free 2026

The Digital Personal Data Protection (DPDP) Act 2023 is India's primary data privacy law — applicable to any business that processes personal data of Indian citizens, whether data is stored in India or abroad. This free checklist helps Indian businesses assess and achieve DPDP compliance across 6 key domains.

Frequently Asked Questions

Does the DPDP Act apply to my Indian small business?

The DPDP Act applies to any "Data Fiduciary" — any entity that determines the purpose and means of processing personal data of Indian citizens. This includes most Indian businesses that collect customer phone numbers, email addresses, or employee data. The Act has not yet specified exemptions for small businesses by revenue or employee count.

What is the penalty for DPDP Act non-compliance in India?

The DPDP Act prescribes penalties up to ₹250 crore for a single violation. Penalties for failing to notify a data breach can reach ₹200 crore. However, enforcement will be phased — the Data Protection Board is still being constituted (as of mid-2026). Businesses should use this window to achieve compliance before enforcement begins.

Is health data treated differently under DPDP Act in India?

Yes — health data is classified as "sensitive personal data" requiring stricter controls: explicit (not just inferred) consent, stronger security controls, and additional obligations for healthcare Data Fiduciaries. Hospitals, diagnostic labs, and health-tech apps have higher compliance obligations.

Get a DPDP compliance assessment for your Indian business — we identify gaps and implement required technical controls.