DPDP enforcement deadline: May 2027Rules notified Nov 2025Penalty exposure up to ₹250 Cr
Free ToolsTemplatesServicesWorkshopsBook Consultation
FREE TOOL · DPDP ACT 2023

DPDP Readiness Score — Check Your DPDP Act 2023 Compliance Level

25 questions. 8 compliance domains. Your readiness score plus your top 3 gaps — free, instant, no login needed.

✓ 25 questions ✓ 8 domains ✓ Instant score ✓ Enforcement: May 2027

Quick Answer

What is a DPDP Readiness Score? A DPDP Readiness Score measures how prepared your organisation is to comply with India's Digital Personal Data Protection Act 2023. It evaluates 7 dimensions — data inventory, consent management, privacy notices, data principal rights, vendor contracts, breach response, and governance — and produces a score from 0–100. Organisations scoring below 60 face significant penalty exposure of up to ₹250 crore per breach under the DPDP Act.

0 of 25 answered

Domain 1: Governance & Accountability

15 pts
Q1. Has your organisation appointed a person/team responsible for data protection compliance?S.8 DPDP Act
Q2. Do you have a documented privacy/data protection policy approved by management?
Q3. Is there a named Grievance Officer with published contact details?S.8(9)

Domain 2: Consent & Notice

20 pts
Q4. Do you obtain separate, specific, informed consent before collecting personal data?S.6
Q5. Do you provide a clear Notice to data principals at the time of data collection?S.5
Q6. Can data principals easily withdraw consent, and is the mechanism documented?S.6(4)

Domain 3: Data Principal Rights

15 pts
Q7. Can data principals access their personal data on request?S.11
Q8. Can data principals correct or update inaccurate data?S.12
Q9. Can data principals request erasure/deletion of their data?S.13

Domain 4: Data Inventory & Mapping

10 pts
Q10. Do you maintain an inventory of personal data your organisation collects and processes?
Q11. Are the purposes for which each data category is collected documented?S.5(1)(b)
Q12. Do you know where personal data is stored and who can access it?

Domain 5: Security Safeguards

15 pts
Q13. Are personal data systems protected with access controls and authentication?S.8(5)
Q14. Is personal data encrypted at rest and in transit?
Q15. Do you conduct periodic security assessments on systems that process personal data?

Domain 6: Vendor / Processor Management

10 pts
Q16. Do you have Data Processing Agreements (DPAs) with all third parties that process personal data?S.8(2)
Q17. Do you review data protection practices of vendors/processors at least annually?
Q18. Do you know which vendors transfer personal data outside India, and is this disclosed?S.16

Domain 7: Breach Response & Retention

10 pts
Q19. Do you have a documented personal data breach response procedure?S.8(6), Rule 7
Q20. Can you notify the Data Protection Board and affected individuals within 72 hours of a breach?
Q21. Do you have a documented data retention schedule and delete data once the purpose is served?S.8(7)

Domain 8: Children's Data & Special Cases

5 pts
Q22. Do you verify whether any users/data principals are under 18 before collecting their data?S.9
Q23. If you process children's data, do you obtain verifiable parental consent?S.9
Q24. Have you identified all "significant harm" scenarios relevant to your data processing?
Q25. Do you avoid processing sensitive data (financial, health, location) without explicit consent?S.15
Answer at least 20 questions to calculate your score
0/100
Calculating…

Score Breakdown by Domain

⚠️ Your Top 3 Priority Gaps

Get your complete DPDP Readiness Report — ₹999

Full gap analysis across all 8 domains, per-question breakdown, priority matrix, and 30-day action plan. Board-ready PDF delivered to your inbox in 60 seconds.

Unlock Full Report

Email me the top 3 gaps (free)

🔒 Secure payment via Razorpay ⚡ 60-second delivery ⚠ Up to ₹250 crore penalty exposure

✓ Payment confirmed — your full report is on its way!

Check your inbox in 60 seconds for the complete DPDP Readiness Report.

What the DPDP Readiness Score measures

The Digital Personal Data Protection Act, 2023 places compliance obligations across eight domains: governance, consent, data principal rights, data inventory, security, vendor management, breach response, and children's data. This 25-question assessment scores your organisation across all eight domains and tells you exactly where your exposure lies — in the same format we use in paid readiness assessments.

Who should take this assessment

Any Indian organisation that collects or processes personal data — IT services companies, SaaS platforms, BPOs, healthcare organisations, HRMS providers, and CA firm clients — should know their readiness score before enterprise clients start asking, and before the Data Protection Board has jurisdiction to investigate. Enforcement begins 13 May 2027.

About NitiBharat

NitiBharat is a Delhi-based data protection consultancy helping Indian organisations get DPDP-ready through fixed-fee assessments, documentation packages, vendor risk reviews and corporate training. Explore our services →