April 20, 2026
Data exfiltration incidents were difficult enough before the DPDP Act 2023. Now they carry statutory teeth: notification obligations to the Data Protection Board and to affected data principals, penalties that can reach 250 crore rupees for failure to implement reasonable security safeguards, and an evolving interpretation that will be shaped by the Board’s early enforcement […]
April 19, 2026
When DPDP requires a DPO, when to hire one anyway, the candidate profile, market rates in 2026, the fractional-DPO alternative, and the hiring process.
Data Principal rights under DPDP β the four substantive rights, the 6-stage request-response workflow, templates for access and erasure responses, and the failures we see most often.
GDPR-compliant organizations extending to DPDP β what transfers directly, what needs adjustment, and the 10 material differences between the two regimes.
The 72-hour DPDP breach notification runbook: when the clock starts, the first hour, hour-by-hour actions through 72 hours, notification content, and pre-breach preparation.
The 14-item DPDP readiness checklist for Indian SaaS companies β operational obligations, the dual Fiduciary/Processor role, DPA templates, and what to do in what order over 90 days.
The full DPDP penalty schedule, how quantum is determined, aggregation rules, the voluntary-undertaking mechanism, and the rough penalty-vs-compliance cost math that makes the business case for a working DPDP programme.
A practitioner walkthrough of the DPDP Act 2023 β section by section, in the order obligations apply in a product lifecycle. Not legal advice, but operationally accurate for founders and product leaders.
The complete 2026 guide to DPDP Act compliance for Indian businesses β obligations, penalties, SDF designation, breach notification, cross-border transfers, and what a working compliance programme actually looks like.