Free · No signup required · Results in 2 minutes

Free DPDP Compliance Checker

Answer 6 questions. Know exactly where you stand under India's DPDP Act 2023.

About Your Business

Where is your business registered or primarily operating?

In India

Registered or primarily operating within India

Outside India — but I serve Indian customers

e.g., a US or UK company with customers in India

Outside India — no Indian customers

All my customers are outside India

Data Collection

Do you collect personal data from customers?

Personal data includes: name, phone number, email, address, payment info, purchase history, location

Yes — I collect at least some of these

No — I don't collect any customer information

Collection Method

How do you primarily collect customer data?

Website or mobile app

Registration forms, checkout, login — data goes directly into a system

WhatsApp / Instagram DMs

Customers send their address, phone, or payment details via DM

Physical forms / POS — later entered into computer

Paper forms, billing software, Excel sheets, or any software

Paper only — never entered into any computer

Physical files or registers, never digitised

Multiple methods

Combination of online, offline, and social

Scale

How many customers' data do you approximately hold?

Less than 100

100 – 1,000

1,000 – 10,000

More than 10,000

Special Categories

Do any of your customers include children under 18?

E.g., schools, coaching centres, EdTech, gaming apps, children's products

Yes — some or all customers may be under 18

No — all customers are adults

Not sure

Third Parties

Do you share customer data with any third-party services?

E.g., payment gateways (Razorpay, Paytm), delivery companies (Shiprocket, Dunzo), CRMs, email tools, ad platforms

Yes — I use third-party services that handle customer data

No — I keep all data in-house

DPDP Likely Does Not Apply to You

Based on your answers, the DPDP Act 2023 does not currently apply to your business.

Why?

Not legal advice. If your business activities change, reassess immediately.

📋

Likely Not Covered — But Verify

Paper-only data that is never digitised is generally not covered under the DPDP Act. However, as soon as any data enters a phone, computer, or software — compliance obligations begin.

⚠️ Be Careful

If anyone in your business photographs a form, enters data into Excel, WhatsApp, or billing software — even once — you become covered under Section 3(a)(ii) of the DPDP Act.

Join the beta

Yes — DPDP Compliance is Mandatory for Your Business

You must be compliant by May 13, 2027

DPDP Act Section That Applies to You

Your Compliance Obligations

Obtain free, informed, specific consent before collecting data

Consent notice must state exactly what data is collected and why (DPDP Act Section 6)

Publish a Privacy Notice

Must list data collected, purposes, third parties, and how customers can exercise their rights

Handle Data Subject Requests (DSRs)

Customers can request access, correction, or deletion of their data at any time

Notify breaches within 72 hours

Any data breach must be reported to the Data Protection Board and affected customers

Sign Data Processing Agreements with third parties

As a Data Fiduciary sharing data with processors (Razorpay, Shiprocket etc.), you're responsible for their compliance

Children's Data — Extra Obligations Apply

• Parental consent required before processing data of anyone under 18
• Must verify parent's identity (DigiLocker age token recommended)
• Cannot serve targeted advertising to children
• Cannot track or monitor children's behaviour

Penalty for violation: Up to ₹200 Crore

Your Penalty Exposure

₹250 Cr

Data breach (failure to protect)

₹200 Cr

Failure to notify breach

₹200 Cr

Children's data violation

₹50 Cr

Other compliance violations

Your Risk Level

EasyDP Gets You Compliant in 30 Minutes

Consent management, DSR ticketing, multilingual notifications — all in one platform built specifically for India's DPDP Act.

Join the beta →