Read as
Last updated: April 29, 2026
Why this module exists. “How much can DPDP fines actually be?” The answer depends on the specific violation, the harm caused, and the discretion of the Data Protection Board. The Schedule maps violations to caps; the adjudication process determines the actual amount.
Why this module exists. “How much can DPDP fines actually be?” The answer depends on the specific violation, the harm caused, and the discretion of the Data Protection Board. The Schedule maps violations to caps; the adjudication process determines the actual amount. Both sides — what gets fined and how — are widely misunderstood.
The penalty schedule (Schedule of the Act)
| Violation | Maximum penalty |
|---|---|
| Failure to take reasonable security safeguards (§8(5)) | ₹250 crore |
| Failure to notify breach (§8(6)) | ₹200 crore |
| Non-fulfilment of children’s data obligations (§9) | ₹200 crore |
| Non-fulfilment of Significant Data Fiduciary obligations (§10) | ₹150 crore |
| Non-fulfilment of duties of Data Principal under §15 | ₹10,000 |
| Breach of any other provision | ₹50 crore |
Note: per breach. Multiple violations can compound.
Want this for your team?
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.
Book team training call
Replies in 4 working hrs · India-only · Senior consultants