DPDPA 2023: A Practical Starting Checklist for Indian Businesses

DPDPA Is Now Part of Doing Business in India

India's Digital Personal Data Protection Act, 2023 sets clear obligations for any business that handles personal data. Compliance is not a single project — it starts with knowing what you hold.

A Practical First Checklist

Map your data: what personal data you collect, why, where it lives, and who can access it. Review consent — it must be informed, specific and easy to withdraw. Tighten access so staff see only what their role requires. Define retention, so data is not kept indefinitely just in case.

Finally, prepare for the obligations that follow a breach, including notification timelines. Treating data protection as an operating discipline — documented and reviewed — is far less painful than reconstructing it under scrutiny.