DPDP Penalty Calculator
Estimate your exposure under India's Digital Personal Data Protection Act 2023. Adjust the inputs to see how breach size, data type, and response time affect penalty range under DPDP Act §33.
Not legal advice · Penalty ranges based on DPDP Act Schedule · Updated 2026
Your business
The breach scenario
Your response
Results update live as you adjust — click to highlight & scroll
How the calculation works
Three factors drive the estimate: the statutory cap from the DPDP Schedule, scale factors based on data principals affected, and mitigation credits for documented controls.
DPDP §33 Schedule
Maximum penalties per contravention: ₹250 Cr for security failure, ₹200 Cr for notification failure or children's data, ₹150 Cr for SDF non-compliance, ₹50 Cr for other breaches.
Scale factor
Penalties scale with number of data principals affected. A breach of 10,000 users triggers a different response than 10 million, even under the same statutory maximum.
Mitigation credits
Documented security controls, fast notification (<72h), cooperative investigation, and first-violation status reduce exposure. Children's data and repeat offences increase it.
Worried about your actual exposure?
Book a 30-min DPDP scoping call. We review your data flows, consent posture, and breach-response readiness — and tell you honestly whether the penalty estimates apply to you.
Penalties are avoidable — the playbook exists
The DPDP Act's penalty scale (up to ₹250 crore per instance) is what the number above models. Lower your exposure by operationalising the Act, not just understanding it.