We use essential cookies to run this site. Analytics & marketing cookies load only with your consent — see our Cookie Policy and Privacy Policy.

Quarterly Report · Q4 2026

DPDP Readiness Index — Q4 2026

How prepared are Indian industries for DPDP enforcement — and where the widest privacy gaps sit as the Rules progress.

Summary

As the DPDP Rules progress toward enforcement, readiness varies sharply by industry. The organisations most exposed are consumer-data-heavy sectors that lifted a GDPR programme or wrote policies before mapping their data.

₹250 cr
Maximum penalty per breach category
SDF
Significant Data Fiduciary — extra duties
DPO
Mandatory for SDFs

Readiness by industry

  • Healthcare & e-commerce: largest consumer-PII exposure, often the least-mature privacy programmes — highest risk.
  • Fintech: DPDP stacks on PCI + RBI; consent and cross-border are the gaps.
  • SaaS & IT/ITES: enterprise-driven security maturity, but DPDP consent/rights are newer gaps.
  • BFSI: strong governance muscle; SDF classification and DPO reporting are the action items.

The common failure

The single most common gap across industries is starting with policies before data mapping. Without a personal-data inventory you cannot scope consent, rights, retention or breach response — so the policy sits on top of an unknown estate.

Priorities

  • Map your personal-data inventory and flows first.
  • Determine SDF status and appoint a DPO with a board reporting line.
  • Make consent, rights and breach procedures demonstrably operate.
  • Integrate DPDP with existing governance rather than running a parallel programme.

Assess your DPDP readiness

Free DPDP readiness assessment and a prioritised gap plan.

DPDP compliance servicesBook a Consultation