India | DPDP Act advisory

DPDP Act readiness for India's technology businesses.

Practical privacy advice for product, legal and security teams building accountable technology in India.

Book a consultation Submit a brief

Readiness map

Advisory

Applicability

Does the Act apply?

Priority controls

What changes first?

Evidence

What records should exist?

Explore expertise

Trusted by

Statutory lifecycle

Advice organised around the decisions the Act requires.

A DPDP Act programme should make duties actionable: identify the processing, choose the right control, and leave usable evidence.

Applicability and processing grounds

Identify processing activities, roles, territorial reach, and the permitted purpose for each personal data flow.

Notice, consent and legitimate uses

Build the notices, consent journeys, withdrawal controls, and documented legitimate-use decisions that product teams can run.

Safeguards and breach readiness

Translate data fiduciary duties into vendor, access, retention, security, and incident-response routines.

Children and significant fiduciaries

Assess heightened duties for children and Significant Data Fiduciaries under Sections 9 and 10 of the Act.

Rights and grievance handling

Design operational workflows to receive, verify, answer, and evidence data principal requests and grievances.

View services and outputs

Engagements

Starting points for scoped privacy work.

The final fee depends on systems, timelines, roles and deliverables confirmed in the initial consultation.

View all engagement details

Priority starting point

Gap assessment

starting from

INR 50,000

A focused gap assessment for an organisation establishing its first DPDP Act action plan.

Implementation engagement

starting from

INR 2,50,000

A structured implementation scope for growing businesses preparing operating controls and documentation.

Enterprise and ongoing advisory

scoped engagement

Custom

Multi-entity, high-volume, or continuing privacy support with a proposal after consultation.

Method

A clear operating path for privacy risk.

The work is designed to produce choices, accountable owners and records your teams can continue using.

Diagnose

Map the data, products, vendors, and deadlines that create the immediate DPDP Act question.

Prioritise

Separate mandatory controls from later maturity work and give teams an executable sequence.

Implement

Prepare documents, workflows, training, and records that withstand internal and external scrutiny.

Founder-led practice

Data>Nuance India

Kaustubh Shakkarwar

Founder, Data>Nuance

Certified Data Protection Officer (CDPO)

Legal, privacy and technical judgement in one advisory model.

Kaustubh Shakkarwar is a technology-focused legal professional specialising in data protection, privacy and emerging regulatory frameworks. As a Certified Data Protection Officer (CDPO), his practice focuses on translating obligations into practical decisions and governance routines.

About Data>Nuance

Recognition

Privacy work presented with evidence.

Recognition currently displayed by Data>Nuance, alongside a practice built for operational implementation.

CIO Magazine recognition, 2024

Named among the 10 Most Promising Data Protection and Privacy Service Providers.

Innovative Zone recognition, 2025

Recognised as a trusted privacy compliance solutions company.

ET Young Industry Leader 2025

Excellence in Data Privacy.

In the media

Published thinking beyond our own library.

Selected externally published articles authored by Data>Nuance and its founder.

View all media

SCC Times

My Phone Number is Not a Campaign Resource: How Bar Council Elections and India’s Data Protection Law Interact

How the use of advocate enrolment data for election outreach intersects with privacy rights and India’s data protection framework.

Kaustubh Shakkarwar and Gauri Gupta

22 May 2026Read article

FinanceX Magazine

India’s Exponential BFSI Privacy Arbitrage

How payments and BFSI businesses can treat privacy and consent capability as a strategic advantage.

Gauri Gupta and Kaustubh Shakkarwar

6 January 2026Read article

ETCISO

India’s unified digital consent framework: RBI, TRAI & BRDCMS

A look at converging consent-management requirements emerging across RBI, TRAI and the BRDCMS.

Kaustubh Shakkarwar

23 October 2025Read article

JurisHour

What to Expect from India’s Final DPDP Rules: Bridging Critical Gaps in the Digital Privacy Framework

An examination of the operational gaps India’s final DPDP Rules must address in the evolving privacy framework.

Kaustubh Shakkarwar and Gauri Gupta

30 September 2025Read article

Bar & Bench

Cookie management under the Digital Personal Data Protection Act, 2023

An analysis of how cookie consent and preference controls may be operationalised under the DPDP Act and BRDCMS.

Kaustubh Shakkarwar and Gauri Gupta

21 June 2025Read article

Pauses while you read or navigate.

Insights

Briefings for DPDP Act decisions already moving.

Practical guides and regulatory analysis for product, legal, security and compliance teams.

View all insights

GuideDPDP Act

DPDP Act readiness for technology businesses

A practical first-pass framework for product, legal and security teams deciding what to document and implement first.

20 May 2026Read insight

ChecklistNotice and consent

Notice under Section 5 of the DPDP Act

What a Data Fiduciary should review before putting consent and notice experiences into production.

15 May 2026Read insight

GuideHeightened duties

Children's data under Section 9 of the DPDP Act

Heightened duties for teams building products that may process a child's personal data.

8 May 2026Read insight

Start with context

Book a focused DPDP Act consultation.

Bring an upcoming launch, notice review, data mapping question, incident readiness issue or implementation deadline. We will help identify the right next step.

Book consultation Submit a brief