Loading…
Personal data of Indian data principals processed digitally — extraterritorial reach when offering goods or services in India.
Operative rules covering consent, notice, security safeguards, breach notification, and Data Protection Board procedures.
Section 43A reasonable security practices, Section 72A privacy obligations, CERT-In incident reporting under the 2022 directions.
Sensitive Personal Data or Information rules — interim baseline until DPDP Rules are fully notified and enforced.
Mandatory 6-hour incident reporting for designated cyber incidents; 180-day log retention.
Localization, outsourcing, and breach reporting obligations layered on top of DPDPA for regulated entities.
We act as your local DPO, manage Board interactions, and run breach response — so your global product team doesn't have to.