DPDP enforcement deadline: May 2027Rules notified Nov 2025Penalty exposure up to ₹250 Cr
Free ToolsTemplatesServicesWorkshopsBook Consultation

Quick Answer

What must a DPDP-compliant Privacy Policy include? A privacy policy compliant with India's Digital Personal Data Protection Act 2023 must clearly describe the categories of personal data collected, the specific purpose for which each category is processed, how long the data is retained, the rights of data principals (access, correction, erasure, grievance redressal), the name and contact details of the Grievance Officer, and the procedure for withdrawing consent. The policy must be available in English and in each of the 22 scheduled languages of the Indian Constitution if the organisation serves users in those languages.

FREE TOOL · DPDP ACT 2023

DPDP Privacy Policy Generator — Build a Compliant Policy Instantly

Answer 10 questions about your company. We'll generate a DPDP Act 2023 compliant policy outline instantly — and deliver the complete customised policy document for ₹2,499.

Your outline has been sent! Check your inbox (and spam folder) within a few minutes.

Your 10-question policy intake

Takes 3 minutes. All fields are processed locally — nothing is stored until you choose to purchase.

Please enter your company name.
Please select your industry sector.
3. Types of personal data you collect * (select all that apply)
Please select at least one data type.
4. Primary data collection point(s) * (select all that apply)
Please select at least one collection point.
5. Do you share data with third parties? *
Please select an option.
6. Does your data transfer outside India? *
Please select an option.
7. Do you process data of anyone under 18? *
Please select an option.
Please select your retention approach.
Required by DPDP Act Section 8(9). This person's contact details will be published in your policy.
Please enter the Grievance Officer's full name.
Please enter a valid email address for the Grievance Officer.

Required sections in your DPDP-compliant privacy policy

    Your Policy Outline Free — fully visible

    Full Section Preview — Sections 1 & 2 Publication-ready text

    Sections 3–13 Unlock for ₹2,499

    Get your complete DPDP-compliant privacy policy

    1,500–2,000 words, customised for your company. Includes Grievance Officer block + one regional language notice template. Delivered as Word doc + PDF within 60 seconds. Includes 6-month free update if DPDP Rules change.

    Your DPDP Privacy Policy is being prepared and will be emailed to within 60 seconds.

    🔒 Secure payment via Razorpay 🔄 6-month free update ✅ Used by 50+ Indian companies
    or

    What makes a privacy policy DPDP-compliant?

    The Digital Personal Data Protection Act, 2023 introduced specific requirements that legacy privacy policies — written for GDPR or the IT Act 2000 — do not meet. A DPDP-compliant policy must identify the Data Fiduciary, provide a Notice at the point of data collection, list all processing purposes, explain consent withdrawal, publish Grievance Officer details, and address children's data where applicable. Full enforcement begins 13 May 2027.

    Who needs to generate a new privacy policy?

    Any Indian organisation collecting personal data from Indian residents needs a policy that complies with the DPDP Act, 2023 and DPDP Rules, 2025. This includes IT services companies, SaaS platforms, BPOs, healthcare organisations, HRMS providers, and CA firm clients — if your existing policy was written before November 2025, it almost certainly needs an update.

    About NitiBharat

    NitiBharat is a Delhi-based data protection consultancy helping Indian organisations get DPDP-ready through fixed-fee assessments, documentation packages, vendor risk reviews and corporate training. Explore our services →