Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
DPDP Compliance Practitioner · modules
Act, Rules, operations. From theory to shipping a compliant product.
Module 5 · Data Subject Rights — Building the DSR Workflow
Why this module exists. DPDP Sections 11, 12, 13 grant Data Principals four rights: access, correction, erasure, grievance redress. Every Data Fiduciary must have a workflow to honour these. The workflow is where most Indian businesses fail — they have a privacy notice, no DSR pipeline, and a 7-day deadline they can’t meet. The four […]
Module 6 · Cross-Border Data Transfers — DPDP §16 in Practice
Why this module exists. DPDP §16 is the section every Indian SaaS founder argues with their legal team about. “Can we use AWS US?” “Can we send data to our analytics team in Singapore?” “What about Stripe?” The answers depend on where you are sectorally and what mechanism you use. Most enterprises operate in a […]
Module 7 · Vendor & Data Processor Management Under DPDP §8(7)
Why this module exists. DPDP §8(7) requires every Data Fiduciary to enter into a contract with every Data Processor. The contract must contain specific elements, and the Data Fiduciary remains liable for processor failures. Most Indian businesses signed vendor agreements years ago; few of those agreements meet §8(7). This module is the rebuild playbook. Who […]
Module 8 · Data Retention & Erasure — DPDP §8(7) and §12
Why this module exists. “How long do we keep customer data?” is the question that has the most-wrong answers in Indian SaaS. The right answer is structured: per-data-category retention, with sectoral overrides, with erasure capability for data principals. Implementing this requires both legal mapping and engineering work. The DPDP retention principle §8(7)(d): “the personal data […]
Module 9 · DPIA — Data Protection Impact Assessment Under DPDP
Why this module exists. §10(2)(c) requires Significant Data Fiduciaries (SDFs) to conduct DPIAs. The Rules (when published) will likely extend DPIA expectations to high-risk processing by all Data Fiduciaries. Most Indian businesses have never done one. The methodology is more practical than the legal text suggests. What a DPIA is A structured assessment of a […]
Module 10 · Children’s Data Under DPDP §9
Why this module exists. DPDP §9 is the strictest section of the Act. It prohibits behavioural tracking of children, prohibits targeted advertising to children, and requires verifiable parental consent for processing children’s data. Indian edtech, social media, gaming, and even general e-commerce all touch this section. The penalties for §9 violations are uncapped relative to […]
Module 11 · DPDP Penalties, Adjudication & Appeals
Why this module exists. “How much can DPDP fines actually be?” The answer depends on the specific violation, the harm caused, and the discretion of the Data Protection Board. The Schedule maps violations to caps; the adjudication process determines the actual amount. Both sides — what gets fined and how — are widely misunderstood. The […]
Module 12 · DPDP for SaaS — Building DPDP-Compliant Indian SaaS
Why this module exists. Indian SaaS companies are growing 30% YoY and most are scaling faster than their compliance posture. Founders wait until “we hit ₹10 crore ARR” or “we have to sell to a regulated customer” — by which time retrofitting DPDP costs 5x more than building it in. This module is the day-one […]
Module 13 · DPDP Audit Readiness — DPB Inspection Playbook
Why this module exists. The Data Protection Board has inspection powers under §28. When the DPB shows up — physically or via written information request — you have days, not months, to produce evidence. Most Indian businesses can’t currently. This module is the readiness checklist. What the DPB can ask for Under §28 + civil-court […]
Module 14 · DPDP × RBI / SEBI / IRDAI / GDPR Mapping
Why this module exists. Indian regulated entities don’t operate under DPDP alone. RBI Cyber Framework, SEBI CSCRF, IRDAI guidelines, ABDM, plus international frameworks (GDPR, ISO 27701) for global customers. Each has overlapping but distinct requirements. The compliance team that maps them all onto a unified control set ships faster than the team that runs three […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.