DPDP compliance readiness

Governance & accountability

• Assign a data protection lead and escalation path for data principal requests.
• Document lawful bases and purposes for each processing activity (RoPA-style inventory).
• Align retention schedules with product analytics, marketing, and HR datasets.

Transparency & consent

• Publish clear notices in English + required languages; avoid bundled dark patterns.
• Separate marketing consents where applicable; evidence opt-in trails.
• Support correction, erasure, and grievance SLAs with ticketing metrics.

Security & vendors

• Map subprocessors; align DPAs with security annexes and breach notification timelines.
• Apply encryption and access controls for sensitive personal data flows.
• Run tabletop exercises for breach detection, regulator dialogue, and customer comms.