DPDP Readiness Self-Assessment

DPDP Readiness Self-Assessment · Industrial SMB Edition · Sudeep
SMB DATA SAFETY MASTERCLASS · FIELD GUIDE VOL. 06

For industrial SMB founders · 15 questions · 5 minutes · India-specific

What this is: A quick but honest check of where your business stands on the Digital Personal Data Protection Act. 15 yes/partial/no questions across the five obligations that matter first.

What you get: A readiness score out of 45, a category-level readiness view, and a personalised action list based on what you marked as gaps.

What this is NOT: Legal advice. Educational guidance only. If you’re facing a specific regulatory question, consult qualified counsel.

Category 1 of 5
Data mapping & visibility
01. Do you have a written one-page map of what personal data you collect, where it’s stored, and who has access?
    Yes / Partially / No
02. Do you know which of your vendors (ERP, payroll, Tally host, cloud backup) process customer or employee personal data?
    Yes / Partially / No
03. Can you currently answer “what data would walk out if our admin assistant left tomorrow?” in under a minute?
    Yes / Partially / No
Category 2 of 5
Consent & notice
04. Does your website or customer form collect personal data with a clear purpose, opt-in checkbox, and the ability to withdraw later?
    Yes / Partially / No
05. Do your customer onboarding and vendor contracts include plain-language wording on how their data will be used?
    Yes / Partially / No
06. If a customer asked today “what data do you have on me?”, do you have a process to respond within 30 days?
    Yes / Partially / No
Category 3 of 5
Breach response
07. Is there a written one-pager for what to do in the first 4 hours of a suspected leak?
    Yes / Partially / No
08. Do you have access logs for your primary systems (email, CRM, file storage) for at least the last 90 days?
    Yes / Partially / No
09. Have you ever walked through a mock “what if it happened now?” tabletop exercise with your leadership team?
    Yes / Partially / No
Category 4 of 5
People & process controls
10. Is there a written exit protocol: access revocation within 1 hour of resignation acceptance + 30-day download audit?
    Yes / Partially / No
11. Does your team have an AI-use rule (what’s approved, what’s off-limits) that every employee has acknowledged?
    Yes / Partially / No
12. Do you run a monthly audit on shared Google Drive / SharePoint links set to “anyone with the link”?
    Yes / Partially / No
Category 5 of 5
Accountability & governance
13. Is there a named person on the leadership team responsible for data protection (even part-time)?
    Yes / Partially / No
14. Are data protection obligations addressed in your vendor contracts (especially with anyone processing your customer data)?
    Yes / Partially / No
15. Has the founder or CFO reviewed DPDP exposure in the last 6 months as a named agenda item?
    Yes / Partially / No

Want this walked through live?

Join the free 60-min masterclass on Thursday, 30-Apr-2026 at 4 PM IST. I go through each of these gaps in detail, with the exact templates for the top three.

By Sudeep · SMB Data Safety Masterclass · Educational guidance, not legal advice.

© 2026 · Industrial SMB Edition