Free calculator

What’s your DPDP penalty exposure?

Answer six quick questions to see your indicative maximum penalty exposure under India’s Digital Personal Data Protection Act, 2023 — and exactly which gaps drive it. Then get a prioritised remediation plan from CERT-In empanelled auditors.

1. How many individuals’ personal data do you hold?
2. Do you have reasonable security safeguards (encryption, access control, logging, tested)?
3. Do you have a documented breach detection & notification process (to the Board and affected persons)?
4. Do you have consent, privacy notice, grievance redressal and erasure mechanisms for data principals?
5. Do you process data of children (under 18)?
6. Could you be a Significant Data Fiduciary (large-scale or sensitive data)? If so, do you have a DPO, DPIA and independent audit?

How DPDP penalties work

₹250 crore is real

The Schedule to the DPDP Act, 2023 sets a maximum penalty of ₹250 crore for failing to take reasonable security safeguards to prevent a data breach — the single largest cap in the Act.

Penalties stack by obligation

Different failures carry separate caps — breach notification (₹200 cr), children’s data (₹200 cr), Significant Data Fiduciary duties (₹150 cr) and other provisions (₹50 cr) — so exposure adds up across gaps.

Gaps are fixable now

The Board weighs nature, gravity and duration. Closing gaps with a DPDP readiness plan before enforcement is the most reliable way to reduce both exposure and the odds of action.

See all free calculators & tools →