DPDP Penalty Calculator
Estimate your exposure under India's Digital Personal Data Protection Act, 2023. Adjust the sliders to see how breach size, data type, and response time affect the penalty range under DPDP Act Sec 33.
Not legal advice · Penalty ranges based on DPDP Act Schedule · Updated 2026
Your business
The breach scenario
Your response
Results update live as you adjust — click to highlight & scroll
How the calculation works
DPDP Sec 33 Schedule
Maximum penalties per contravention: ₹250 Cr for security failure, ₹200 Cr for notification failure or children's data, ₹150 Cr for SDF non-compliance, ₹50 Cr for other breaches.
Scale factor
Penalties scale with number of data principals affected. A breach of 10,000 users triggers a different response than 10 million, even under the same statutory maximum.
Mitigation credits
Documented security controls, fast notification (<72h), cooperative investigation, and first-violation status reduce exposure. Children's data and repeat offences increase it.
Worried about your actual exposure?
Book a 30-min DPDP scoping call. I'll review your data flows, consent posture, and breach-response readiness — and tell you honestly whether the penalty estimates above apply to you.
Book a free scoping call Read DPDP GuidePenalties are avoidable — the playbook exists
The DPDP Act's penalty scale (up to ₹250 crore per instance) is what the number above models. Lower your exposure by operationalising the Act, not just understanding it.