01
Applicability and processing grounds
Identify processing activities, roles, territorial reach, and the permitted purpose for each personal data flow.
- Applicability memo
- Data-flow inventory
- Grounds assessment
Services
DPDP Act support organised around statutory duties.
Focused advice and implementation work for Indian technology businesses that need compliance decisions to become operating controls.
02
Notice, consent and legitimate uses
Build the notices, consent journeys, withdrawal controls, and documented legitimate-use decisions that product teams can run.
- Notice review
- Consent controls
- Product guidance
03
Safeguards and breach readiness
Translate data fiduciary duties into vendor, access, retention, security, and incident-response routines.
- Safeguard gap review
- Breach playbook
- Vendor actions
04
Children and significant fiduciaries
Assess heightened duties for children and Significant Data Fiduciaries under Sections 9 and 10 of the Act.
- Heightened-duty assessment
- DPIA readiness
- Audit roadmap
05
Rights and grievance handling
Design operational workflows to receive, verify, answer, and evidence data principal requests and grievances.
- Request workflow
- Response templates
- Escalation map
Engagements may combine assessment, drafting, implementation support and training depending on the processing context and deadline.
Review starting engagementsStart with context
Book a focused DPDP Act consultation.
Bring an upcoming launch, notice review, data mapping question, incident readiness issue or implementation deadline. We will help identify the right next step.