Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
DPDP Compliance Practitioner · modules
Act, Rules, operations. From theory to shipping a compliant product.
Module 5 · Data Subject Rights — Building the DSR Workflow
Why this module exists. DPDP Sections 11, 12, 13 grant Data Principals four rights: access, correction, erasure, grievance redress. Every Data Fiduciary must have a workflow to honour these. The workflow is where most Indian businesses fail — they have a privacy notice, no DSR pipeline, and a 7-day deadline they can’t meet. The four […]
Module 6 · Cross-Border Data Transfers — DPDP §16 in Practice
Why this module exists. DPDP §16 is the section every Indian SaaS founder argues with their legal team about. “Can we use AWS US?” “Can we send data to our analytics team in Singapore?” “What about Stripe?” The answers depend on where you are sectorally and what mechanism you use. Most enterprises operate in a […]
Module 7 · Vendor & Data Processor Management Under DPDP §8(7)
Why this module exists. DPDP §8(7) requires every Data Fiduciary to enter into a contract with every Data Processor. The contract must contain specific elements, and the Data Fiduciary remains liable for processor failures. Most Indian businesses signed vendor agreements years ago; few of those agreements meet §8(7). This module is the rebuild playbook. Who […]
Module 8 · Data Retention & Erasure — DPDP §8(7) and §12
Why this module exists. “How long do we keep customer data?” is the question that has the most-wrong answers in Indian SaaS. The right answer is structured: per-data-category retention, with sectoral overrides, with erasure capability for data principals. Implementing this requires both legal mapping and engineering work. The DPDP retention principle §8(7)(d): “the personal data […]
Module 10 · Children’s Data Under DPDP §9
Why this module exists. DPDP §9 is the strictest section of the Act. It prohibits behavioural tracking of children, prohibits targeted advertising to children, and requires verifiable parental consent for processing children’s data. Indian edtech, social media, gaming, and even general e-commerce all touch this section. The penalties for §9 violations are uncapped relative to […]
Module 11 · DPDP Penalties, Adjudication & Appeals
Why this module exists. “How much can DPDP fines actually be?” The answer depends on the specific violation, the harm caused, and the discretion of the Data Protection Board. The Schedule maps violations to caps; the adjudication process determines the actual amount. Both sides — what gets fined and how — are widely misunderstood. The […]
Module 12 · DPDP for SaaS — Building DPDP-Compliant Indian SaaS
Why this module exists. Indian SaaS companies are growing 30% YoY and most are scaling faster than their compliance posture. Founders wait until “we hit ₹10 crore ARR” or “we have to sell to a regulated customer” — by which time retrofitting DPDP costs 5x more than building it in. This module is the day-one […]
Module 13 · DPDP Audit Readiness — DPB Inspection Playbook
Why this module exists. The Data Protection Board has inspection powers under §28. When the DPB shows up — physically or via written information request — you have days, not months, to produce evidence. Most Indian businesses can’t currently. This module is the readiness checklist. What the DPB can ask for Under §28 + civil-court […]
Module 3 · Designing Consent UX
Most DPDP compliance failures don’t happen at the database layer or the security layer — they happen at the pixel layer. A pre-ticked marketing box, a bundled “I agree to everything” checkbox, an unsubscribe link buried in a footer, a cookie banner with no “reject all” option. These are product decisions, not legal decisions. Which […]
Module 2 · Data Mapping Workshop
Every DPDP compliance failure begins with the same sentence: “We didn’t know we had that data.” Data mapping is the discipline of finding out — comprehensively, systematically, and in a format you can defend to a Data Protection Board inquiry. If you read only one module from this path before your organisation’s DPDP compliance programme […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.