Data Protection

DPDP Act 2023.
Fully compliant.

India's Digital Personal Data Protection Act 2023 creates mandatory obligations for every business that processes personal data. Non-compliance penalties are significant. Implementation is non-negotiable.

₹18,999
Service Overview

What is DPDP Compliance?

The DPDP Act 2023 regulates the processing of digital personal data in India. It applies to any business that collects, stores, processes or transmits personal data of Indian residents — which includes virtually every business with a website, app, employee or customer. Our package delivers full compliance implementation, not just a policy document.

What's Included

Everything in this engagement.

DPDP applicability assessment

Mapping your data processing activities and confirming applicable obligations

Data inventory & mapping

Identifying all personal data collected, processed and stored

Privacy policy drafting

DPDP-compliant privacy policy tailored to your business

Consent notice preparation

Purpose-specific consent notices for all data collection points

Grievance Officer designation

Documentation and designation of Grievance Officer as required

Data Principal rights framework

Processes for handling access, correction and erasure requests

Vendor data processing review

Assessment of third-party data processors and standard clauses

Implementation checklist

Step-by-step implementation guide for your team

Two revisions

Two rounds of revisions on delivered documentation

NOT INCLUDED IN THIS PACKAGE
Data Protection Impact Assessments (separate engagement)
Ongoing compliance monitoring (covered under Compliance Management)
Software or technical implementation
FAQ

Frequently asked questions.

Does the DPDP Act apply to my business?
If your business collects, stores or processes any personal data of Indian residents — including names, emails, phone numbers, device data or IP addresses — yes, the Act applies.
What are the penalties for non-compliance?
The DPDP Act specifies penalties of up to ₹250 crores for significant violations. Even procedural non-compliance can attract penalties of up to ₹50 crores.
My business is small. Does the DPDP Act still apply?
Yes. The Act applies to all Data Fiduciaries regardless of size, with certain exemptions for specific categories of personal data.
Is a privacy policy alone sufficient for DPDP compliance?
No. A privacy policy is one component. Full compliance also requires consent mechanisms, data principal rights processes, Grievance Officer designation, and vendor management.
How long does implementation take?
Our package is delivered in 10–21 business days. Full internal implementation by your team typically takes 2–4 weeks thereafter.
Related Services

Get Started

₹18,999
Standard Turnaround10–21 business days
Prices shown are indicative starting prices. Final fee confirmed post-consultation. Government fees and third-party charges are additional and non-refundable. One revision included. Governed by Vilot's Terms of Use.
Further Reading

From the Vilot Legal Blog.

DPDP Act 2023: Startup Compliance GuideRead → Is Your Privacy Policy DPDP-Compliant?Read →
Ready to begin?

Start with a free consultation.

No obligation. No legal advice. A Vilot advisor will understand your situation and confirm whether this service is right for your business.

Book Free Consultation → Browse All Services