DPDP penalty calculator · India

Your DPDP exposure, probed deeply.

Fourteen probing questions on industry, sensitive data categories, vendors, consent maturity, breach readiness, and DPO appointment. Output: ₹ crore exposure range, risk tier, readiness score, top 5 gaps. The 8-page memo (methodology + benchmarks + 90-day plan + DPA templates + breach SOP) lands in your inbox for free.

📋 14 questions · ~3 min | 🔓 No signup to see result | 📩 8-page memo for your email

How this is calculated

The DPDP Act, 2023 sets a maximum penalty of ₹250 crore per violation category. Real penalties depend on industry, organisation size, breach severity, sensitive-data categories involved, vendor blast radius, and remediation posture. This calculator estimates a defensible order-of-magnitude exposure using 14 weighted inputs across six dimensions: scale (revenue + data volume + years), severity (sensitive-data categories + cross-border + children), governance (consent + DSR + vendor DPAs), readiness (breach SOP + DPO + audit cadence). It is not legal advice.

Inputs that drive the number

What this does NOT estimate

For a defensible legal opinion, engage Indian privacy counsel. For an architecture-and-cost analysis aligned to DPDP, see our DPDP field guide or book a 30-min call.

FAQ

What's the maximum DPDP penalty?

₹250 crore per violation category. Penalties can stack across categories — consent failures, processor governance failures, DSR failures, and breach-prevention failures are all separate categories.

When does DPDP enforcement start?

Enforcement began in phases in 2025. The Data Protection Board of India is operational. Most actions so far focus on consent and vendor governance failures.

How accurate is this estimate?

It's an order-of-magnitude figure based on 14 weighted inputs. Treat the mid-case as a planning anchor, not a legal opinion.

What does the email memo include?

Methodology, industry benchmarks vs 50+ comparable Indian organisations, your top 5 gaps with remediation steps, a 90-day plan with line-item costs, vendor-DPA template language, and a DPB-ready breach-response SOP outline. About 8 pages.

Will I get spammed?

Three educational emails over 17 days, then nothing unless you reply. One-click unsubscribe in every email. See our privacy policy.