1. Does it apply?
Yes if you offer goods/services to, or monitor, individuals in the EU/EEA. Many Indian SaaS and services companies are in scope.
2. The essentials
- Map data and build a Record of Processing Activities.
- Establish lawful bases and update notices/consent.
- Implement data-subject rights and 72-hour breach notification.
- Handle international transfers (SCCs).
3. A head start on DPDP
GDPR and India’s DPDP Act share principles, so a GDPR programme strongly accelerates DPDP readiness.
How CyberSigma helps
We run GDPR readiness aligned with your DPDP obligations for a single, efficient global privacy posture.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
