DPDP enforcement— — — —Get compliant →

INDIA DPDP · EU GDPR · US CCPA · PRIVACY OPERATIONS

Handle every privacy request your company will ever receive.

Privacy Center, DSR inbox, fulfillment playbooks, and compliance proof — in one workspace built for DPDP, GDPR, and CCPA.

Business home

Needs action today

Consent records · not configuredDPIA · not generated

Overdue

Deletion request · IN DPDP

DSR-1042

Verify

Consent withdrawal · Customer email

DSR-1043

Review

Access request · GDPR

DSR-1044

₹250 Cr

max penalty under DPDPA

30 days

to respond to any data principal

72 hours

breach notification window

May 2027

full enforcement deadline

NON-COMPLIANCE EXPOSURE

The penalties are not hypothetical.

Regulators aren't waiting. The fines are calibrated to hurt.

₹250 Crore

Maximum aggregate penalty per entity

India DPDPA

€20 Million

Or 4% of global turnover

EU GDPR

$7,500

Per intentional violation × affected consumers

US CCPA

Indian companies processing EU citizen data face both regimes simultaneously.

THE PLATFORM

Everything your privacy operations team needs.

Six integrated areas. Click any to explore the full details.

Case Intake

Every channel, one inbox. Every request classified and timed before your team touches it.

Explore

Fulfillment

Playbooks turn requests into tracked work across your stack. Nothing falls through.

Explore

Consent Management

Consent collected, honoured, and proven. The banner, the record, and the audit trail.

Explore

Compliance Tools

A live readiness score, DPIA workspace, RoPA, and breach response — all from your actual data.

Explore

AI Advisor

Ask anything about privacy law. Every answer cites the exact clause.

Explore

Proof & Audit

Evidence captured as you work. Closure reports, audit trail, and six compliance exports.

Explore

BUILT FOR YOUR INDUSTRY

Privacy operations look different for every sector.

The rights are universal. The context, request types, and edge cases are not. Privacy Conduit ships with the domain knowledge built in.

Deletion vs. regulatory retention

KYC records, transaction data, credit history — all subject to access and deletion rights.

Financial services companies hold some of the most sensitive personal data. DPDP, GDPR, and CCPA all require you to respond to access and deletion requests, even when retention mandates apply. Privacy Conduit helps you respond correctly — honouring rights while documenting the legal basis for any data you must retain.

Typical requests you'll receive

Account & transaction data access
KYC record deletion requests
Consent withdrawal for marketing & profiling
Credit data portability
Grievance officer escalations

30 days

DPDP response deadline — regardless of KYC retention rules

Privacy Conduit handles intake, verification, playbooks, and proof — out of the box for fintech teams.

GETTING STARTED

Simple to deploy. Built to operate.

Day 1

Launch

Publish your Privacy Center. Configure your intake email. Your workspace is ready in 15 minutes.

Ongoing

Operate

Every DSR lands in one inbox. Verify, assign, fulfill, and respond with evidence attached.

Always ready

Prove

Closure reports, audit trail, RoPA, and DPIA are generated from the work you already did.

DPDP COMPLIANCE TIMELINE

Where we are in the enforcement journey.

► WE ARE HERE

Aug 2023

DPDP Act enacted

Presidential assent. The law exists.

Jan 2025

Rules notified

MeitY published the DPDP Rules. Obligations crystallised.

Nov 2025

Data Protection Board

Board operational. Complaints can now be filed against your company.

Nov 2026

Consent Manager provisions

Consent Manager framework live. Withdrawals must work operationally.

May 2027

► Full enforcement

All substantive provisions in force. Penalties fully applicable.

► WE ARE HERE

Aug 2023

DPDP Act enacted

Presidential assent. The law exists.

Jan 2025

Rules notified

MeitY published the DPDP Rules. Obligations crystallised.

Nov 2025

Data Protection Board

Board operational. Complaints can now be filed against your company.

Nov 2026

Consent Manager provisions

Consent Manager framework live. Withdrawals must work operationally.

May 2027

► Full enforcement

All substantive provisions in force. Penalties fully applicable.

View the DPDP compliance guide

MULTI-JURISDICTION COVERAGE

One platform. Every privacy law.

Privacy Conduit covers the three jurisdictions that matter most to Indian companies — whether you serve domestic users, EU citizens, or California consumers.

🇮🇳

India DPDP Act 2023

Data principal rights, grievance officer, consent records, breach response. Enforced May 2027.

Up to ₹500 CroreView guide

🇪🇺

EU / UK GDPR

Eight data subject rights, RoPA, DPIA, 72-hour breach notification. Applies wherever EU data flows.

Up to €20M or 4% turnoverView guide

🇺🇸

US CCPA / CPRA

Access, deletion, opt-out of sale/sharing, and sensitive PI limits. Applies to California consumers.

$7,500 per intentional violationView guide

Proof

When the request closes, the evidence is already there.

Legal and compliance buyers need confidence that the team did the work and can prove it later. Privacy Conduit packages proof from the operational workflow itself.

Closure reports

Audit trail

RoPA export

DPIA workspace

Vendor risk

Consent activity

Breach DPBI template

Consent activity export

START TODAY

Your Privacy Center can be live in 15 minutes.

Start before the first request arrives.

No credit card required. No sales call. Privacy Center live in 15 minutes.