← Academy Hub
Learning Track · 14 modules

DPDP Compliance Practitioner

Act, Rules, operations. From theory to shipping a compliant product.

Why this track

India's Digital Personal Data Protection Act 2023 is in force and Rules continue to notify in tranches. This track converts the legal text into operational practice — what to ship in your data inventory, how consent UX should actually work, how to fulfil data principal rights at SLA, what a defensible breach playbook looks like, and how to layer DPDP on top of sectoral regulations (RBI / SEBI / IRDAI / ABDM). It is the working manual for compliance practitioners, DPOs, and engineering leads who own the operational side of privacy.

What you will be able to do
  • Build a DPDP-defensible data inventory and processing register
  • Design consent UX that meets the Act and the notified Rules
  • Operate a DSR workflow with verifiable SLAs and audit trail
  • Run a 72-hour breach playbook that survives DPB scrutiny
  • Lead a DPIA for high-risk processing and produce SDF-grade artefacts
Prerequisite: No formal prerequisite. Familiarity with software systems helps.
14
Modules
11.2 h
Total time
14
Free modules
Quiz retries
Difficulty mix
Beginner · 1 Intermediate · 10 Advanced · 3

Module sequence

M1
DPDP Act Foundations
You’ve heard the name. “DPDP Act.” Somebody in your organisation has mentioned it in a meeting. Maybe legal sent a memo. Maybe your startup accelerator flagged it. This module is where you go from “I’ve heard of it” to “I can explain it and act on it.” The Digital Personal Data Protection Act, 2023 is […]
Beginner 60 min
M2
Data Mapping Workshop
Every DPDP compliance failure begins with the same sentence: “We didn’t know we had that data.” Data mapping is the discipline of finding out — comprehensively, systematically, and in a format you can defend to a Data Protection Board inquiry. If you read only one module from this path before your organisation’s DPDP compliance programme […]
Intermediate 90 min
M3
Designing Consent UX
Most DPDP compliance failures don’t happen at the database layer or the security layer — they happen at the pixel layer. A pre-ticked marketing box, a bundled “I agree to everything” checkbox, an unsubscribe link buried in a footer, a cookie banner with no “reject all” option. These are product decisions, not legal decisions. Which […]
Intermediate 90 min
M4
Breach Response Tabletop
It’s 2:47 AM on a Tuesday. Your PagerDuty wakes you up. A customer has tweeted a screenshot of what looks like your production database on a Telegram channel. Your heart rate spikes. You have approximately 72 hours before the Data Protection Board of India expects to hear from you. This module is about what happens […]
Advanced 120 min
M5
Data Subject Rights — Building the DSR Workflow
Why this module exists. DPDP Sections 11, 12, 13 grant Data Principals four rights: access, correction, erasure, grievance redress. Every Data Fiduciary must have a workflow to honour these. The workflow is where most Indian businesses fail — they have a privacy notice, no DSR pipeline, and a 7-day deadline they can’t meet. The four […]
Intermediate 35
M6
Cross-Border Data Transfers — DPDP §16 in Practice
Why this module exists. DPDP §16 is the section every Indian SaaS founder argues with their legal team about. “Can we use AWS US?” “Can we send data to our analytics team in Singapore?” “What about Stripe?” The answers depend on where you are sectorally and what mechanism you use. Most enterprises operate in a […]
Intermediate 30
M7
Vendor & Data Processor Management Under DPDP §8(7)
Why this module exists. DPDP §8(7) requires every Data Fiduciary to enter into a contract with every Data Processor. The contract must contain specific elements, and the Data Fiduciary remains liable for processor failures. Most Indian businesses signed vendor agreements years ago; few of those agreements meet §8(7). This module is the rebuild playbook. Who […]
Intermediate 30
M8
Data Retention & Erasure — DPDP §8(7) and §12
Why this module exists. “How long do we keep customer data?” is the question that has the most-wrong answers in Indian SaaS. The right answer is structured: per-data-category retention, with sectoral overrides, with erasure capability for data principals. Implementing this requires both legal mapping and engineering work. The DPDP retention principle §8(7)(d): “the personal data […]
Intermediate 30
M9
DPIA — Data Protection Impact Assessment Under DPDP
Why this module exists. §10(2)(c) requires Significant Data Fiduciaries (SDFs) to conduct DPIAs. The Rules (when published) will likely extend DPIA expectations to high-risk processing by all Data Fiduciaries. Most Indian businesses have never done one. The methodology is more practical than the legal text suggests. What a DPIA is A structured assessment of a […]
Advanced 35
M10
Children’s Data Under DPDP §9
Why this module exists. DPDP §9 is the strictest section of the Act. It prohibits behavioural tracking of children, prohibits targeted advertising to children, and requires verifiable parental consent for processing children’s data. Indian edtech, social media, gaming, and even general e-commerce all touch this section. The penalties for §9 violations are uncapped relative to […]
Intermediate 25
M11
DPDP Penalties, Adjudication & Appeals
Why this module exists. “How much can DPDP fines actually be?” The answer depends on the specific violation, the harm caused, and the discretion of the Data Protection Board. The Schedule maps violations to caps; the adjudication process determines the actual amount. Both sides — what gets fined and how — are widely misunderstood. The […]
Intermediate 25
M12
DPDP for SaaS — Building DPDP-Compliant Indian SaaS
Why this module exists. Indian SaaS companies are growing 30% YoY and most are scaling faster than their compliance posture. Founders wait until “we hit ₹10 crore ARR” or “we have to sell to a regulated customer” — by which time retrofitting DPDP costs 5x more than building it in. This module is the day-one […]
Intermediate 35
M13
DPDP Audit Readiness — DPB Inspection Playbook
Why this module exists. The Data Protection Board has inspection powers under §28. When the DPB shows up — physically or via written information request — you have days, not months, to produce evidence. Most Indian businesses can’t currently. This module is the readiness checklist. What the DPB can ask for Under §28 + civil-court […]
Intermediate 30
M14
DPDP × RBI / SEBI / IRDAI / GDPR Mapping
Why this module exists. Indian regulated entities don’t operate under DPDP alone. RBI Cyber Framework, SEBI CSCRF, IRDAI guidelines, ABDM, plus international frameworks (GDPR, ISO 27701) for global customers. Each has overlapping but distinct requirements. The compliance team that maps them all onto a unified control set ships faster than the team that runs three […]
Advanced 35

Related tracks

📋
Track
GRC, ISO 27001 & SOC 2
Governance, risk, compliance. ISO 27001, SOC 2, vendor risk, internal audits.
Track
DevSecOps
Security in the SDLC. SAST/DAST/SCA, IaC, CI/CD hardening, software supply chain.
🛡
Track
System Security
Hardening and operating systems defensively. Linux, Windows, logging, containers.

Common questions about this track

Do I need to be a lawyer to use this? +

No — this track is built for operational compliance practitioners (CISOs, DPOs, engineering leads, GRC teams). It interprets the Act in working terms, with templates and decision trees, while pointing to the legal text where authoritative.

How does DPDP overlap with sectoral rules? +

DPDP is the cross-cutting baseline. Sectoral regulators layer specific obligations on top. The track walks through the overlay matrix for the major sectors (BFSI, capital markets, insurance, healthcare, telecom).

Are templates included? +

Yes — RoPA template, DPIA framework, breach notification template, DSR workflow, DPA flow-down clauses, and a children's data verification design pattern.

Will this prepare me for SDF designation? +

Yes. Modules cover the SDF-specific obligations (DPO, DPIA cycle, independent data audit, algorithmic-fairness reviews) at operational depth.

Ready to start?

Begin with Module 1. Work through at your own pace. Free modules require no signup — everything else unlocks with a free RingSafe Academy account.

Start Module 1 → View pricing tiers 🗺️ Explore Skill Map