DPDP Rules, 2025 are now in effect. See where your business stands, in 3–5 minutes.Find out — free →
DPDP Rules, 2025 are in effect — see where you stand in 3–5 minutes

See exactly where your business stands on DPDPA

Pick your business type for an instant read on what applies, where you're exposed, and what to do next — in plain English, no legal degree required.

I run a…
Free
3–5 minutes
No email to start
Plain English
Not legal advice
Clinics & Diagnostic LabsSample · illustrative
41/ 100
High-priority action

Significant gaps — start a focused fix plan now.

Top gap: reports shared over WhatsApp with no consent or retention limit.

First fix: add a consent line and a 6-month retention rule.

Pick your business on the left to see your own read.

Free
3–5 minute assessment
200+
Briefings published
12
Sector assessments
50+
Resources available

Educational, not alarmist

We explain what DPDPA actually requires in language that founders and operations teams can act on, not fear-mongering.

Practical and actionable

Every briefing ends with a checklist. Every assessment ends with a roadmap. We focus on what to do, not just what the law says.

Built for Indian businesses

Not a GDPR guide repurposed for India. Every piece of content is written specifically for Indian business contexts and data practices.

Not legal advice

We are an intelligence and education platform. For formal legal opinions, engage a qualified data protection lawyer. We tell you what to prepare.

As seen in

SaralPrivacy's DPDPA readiness assessment has been featured in ANI, Business Standard, The Tribune, Lokmat Times, and Latestly.

What is DPDPA?

DPDPA is India's framework for handling digital personal data, and the DPDP Rules, 2025 have now been notified. For Indian businesses, the real work is operational: fix your notices, consent flows, rights handling, retention logic, and vendor controls. SaralPrivacy helps you understand what matters, assess your risk, and prioritise the next 30 to 90 days.

Where DPDPA risk hides

Follow the data. The risk becomes visible.

Most Indian businesses don't lack a privacy policy. They lack visibility into where personal data actually lives.

Personal data enters your business
…and scatters to:
  • WhatsAppConsent gap
  • Google DriveAccess gap
  • Excel / SheetsRetention gap
  • CRM / softwareVendor gap
  • Email inboxesAccess gap
  • CCTV / footageEvidence gap
  • Old archivesRetention gap
  • Third-party vendorsVendor gap

DPDPA risk usually hides in ordinary workflows — not in legal documents.

The report

See what your verdict looks like

Every assessment ends in a scored, sector-specific report. Here is a live preview — pick a sector to see its shape.

Clinics & Diagnostic Labs
Sample · illustrativeHigh
Patient data handling44
Consent & notice38
Sharing & vendors26
Retention limits31
Breach readiness22

Top gap: Reports shared over WhatsApp with no consent line or retention limit.

Get your real score
Explore DPDPA by your sector

Same law. Different data. Different fixes.

A clinic, a CA firm and a D2C brand all hold personal data — but the risks, obligations and fixes are completely different. Pick yours.

Recruitment Agencies

Candidate ID & CV risk
  • CV databases & candidate data
  • Client profile sharing
  • Background check documents
  • Cross-border data flows

Find out whether your recruitment workflows create DPDPA exposure in 3–5 minutes.

CA Firms

PAN / Aadhaar / ITR risk
  • PAN / Aadhaar / bank data
  • Client payroll records
  • Cloud drives & shared folders
  • Sensitive financial documents

Understand your DPDPA obligations for client records, payroll data, and firm operations.

Training Institutes

Student & parent data risk
  • Student & parent data
  • Admissions & lead forms
  • Digital marketing consent
  • Placement data retention

Check whether your admissions, marketing, and student data workflows are DPDPA-ready.

D2C Brands

Marketing & pixel-data risk
  • Email / SMS / WhatsApp marketing
  • Third-party analytics & pixels
  • Customer loyalty data
  • Retention of inactive customers

See whether your customer acquisition and retention stack creates DPDPA risk.

Clinics & Diagnostic Labs

Health-data risk
  • Prescriptions & lab reports
  • WhatsApp report sharing
  • Reception & lab staff access
  • Old patient-record retention

Check whether your patient-data and report-sharing workflows are DPDPA-ready.

Schools & Colleges

Children's-data risk
  • Children's data & parent consent
  • School apps, ERP & LMS
  • CCTV, biometric & transport GPS
  • Student photos & old records

Check whether your student-data, parent-consent and monitoring workflows are DPDPA-ready.

Law Firms & Legal Consultants

Sensitive case-file risk
  • Client KYC & evidence files
  • Junior / intern / ex-staff access
  • WhatsApp & email document sharing
  • Closed matter-file retention

Check whether your matter intake, sensitive-file access and sharing workflows are DPDPA-ready.

Real Estate & Property Firms

KYC & broker-sharing risk
  • Buyer/tenant KYC & PAN/Aadhaar
  • WhatsApp lead & document sharing
  • Broker networks & loan partners
  • Old lead-database retention

Check whether your KYC handling, broker sharing and lead retention workflows are DPDPA-ready.

Hotels, Hospitality & Travel

Guest-ID retention risk
  • Guest IDs & passport copies
  • OTA & travel-vendor sharing
  • WhatsApp confirmations & CCTV
  • Old guest-record retention

See whether your guest IDs, OTA sharing, travel documents and record retention are DPDPA-ready.

Pharmacies & Online Pharmacies

Prescription-data risk
  • Prescriptions & medicine history
  • WhatsApp orders & health indicators
  • Delivery-partner data sharing
  • Old prescription retention

Check whether your prescriptions, medicine-history handling and vendor sharing are DPDPA-ready.

Fintech, NBFC & Digital Payments

KYC & profiling risk
  • KYC, PAN/Aadhaar & bank data
  • Bureau checks & credit profiling
  • DSAs & collection-agent access
  • Old application & KYC retention

See whether your KYC, profiling, partner sharing and agent access are DPDPA-ready.

Gyms, Salons & Spas

Photo & health-data risk
  • Health & body measurements
  • Customer & before-after photos
  • WhatsApp campaigns & staff phones
  • Old member-record retention

Check whether your photo consent, health-data handling and staff access are DPDPA-ready.

Practitioner guide · Free download

The complete DPDPA guidefor Indian businesses

A practitioner-grade guide, now in 7 Indian languages, that covers everything your business needs to know about DPDPA, from applicability to enforcement, without the legalese.

Englishहिन्दीગુજરાતીमराठीಕನ್ನಡதமிழ்తెలుగు
  • What DPDPA is and who it applies to, in plain English
  • Obligations for Data Fiduciaries: consent, notice, security, breach
  • Risk snapshots for all 12 sectors, plus the OPERATE framework
  • Rights of individuals and how businesses must respond
  • Enforcement timeline and penalty structure
  • Your 90-day privacy readiness action plan
Download the free 7-language guide

Requires name, work email, and industry. Separate consent options for follow-up.

Frequently asked questions

Quick answers to the questions Indian business owners ask most about DPDPA.

The Digital Personal Data Protection Act, 2023 is India's first comprehensive data protection legislation. It governs how personal data of Indian citizens can be collected, stored, processed, and used by businesses and organisations. The Act was passed by Parliament in August 2023. The DPDP Rules, 2025 have been notified, with phased commencement, making this implementation time for businesses. It establishes rights for individuals over their personal data and obligations for businesses that process that data.

DPDPA briefings, delivered to your inbox

Get practical DPDPA updates, compliance tips, and regulatory developments: a short daily briefing, written for business owners, not lawyers.

Consent

Your data is processed as described in our Privacy Notice. We do not pre-check consent boxes. You must opt in actively.