A DPDP Readiness Assessment That Tells You Where You Actually Stand
Last updated: 18 June 2026
A DPDP readiness assessment shows where your personal data lives, who can reach it, and what the DPDP Act 2023 expects you to fix first. In plain English, ranked by what would hurt most.
· India’s IT & business services market reached USD 254 billion in FY24 and is projected to cross USD 350 billion by 2026, per India Brand Equity Foundation.
· Under the DPDP Act 2023, Indian businesses must keep personal data in India unless cross-border transfer is to a notified country — Sirius Star configures every deployment for DPDP compliance by default.
· Sirius Star is a Microsoft Partner with a cloud engineer on payroll, founded 2009 in Navi Mumbai, serving 200+ Indian enterprises across Cloud, Secure Data Guard, Device Lifecycle Management, Hardware, and Corporate Tech Gifting.
A DPDP readiness assessment shows where your personal data lives, who can reach it, and what the DPDP Act 2023 expects you to fix first. In plain English, ranked by what would hurt most.
Get your free DPDP readiness check
200+ Indian businesses work with us. Written plan back in 8 working hours.
Why most Indian businesses fail their first DPDP check
The gap is rarely the firewall. It is knowing where the data is. KYC scans sit in an inbox. A salary sheet lives on a shared drive nobody locked. An ex-employee still has CRM access eight months on.
In DPDP readiness checks we have run for Indian firms, we have seen the same three gaps repeat. Nobody owns the data. Old access never gets removed. No record of consent for data already held.
The Act does not care how busy you are. If a customer asks you to delete their data and you cannot, that is a problem. If data leaks and you cannot prove you tried to prevent it, that is worse. A readiness check finds these holes first.
What a DPDP readiness assessment actually checks
It is not a quiz. We look at your real systems and map them against your duties as a Data Fiduciary, in force now in 2026. The check covers four areas.
1. Data discovery
Where does personal data sit today? Email, CRM, HR files, cloud drives, laptops, old backups. You cannot protect what you have not found.
2. Access and control
Who can open that data, and should they? We review user access, departed-staff accounts, and whether files can walk out on a USB stick or a personal Gmail.
3. Consent and rights
Can you show why you hold each piece of data? Can you delete it, correct it, or hand it back when someone asks? The Act gives people these rights, and you need a way to honour them.
4. Breach readiness
If data leaks tonight, what happens next? We check whether you can detect it, contain it, and report it to CERT-In inside the 6-hour window the rules expect.
That is the maximum penalty the DPDP Act 2023 sets for a serious data breach. The number is meant to make boards pay attention. A readiness check turns that abstract risk into a short, fixable list, ranked by what would hurt most.
How the assessment runs, step by step
The point is to be light on your time. You prepare nothing.
Step 1: A short call
Twenty minutes. We learn what your business does, what data you handle, and which systems run it.
Step 2: A look at your real setup
We review the systems you named: email, file storage, CRM, devices. We check access, retention, and the controls already in place against ISO 27001 good practice. Read-only. We touch nothing without your sign-off.
Step 3: Your written gap report
You get a plain-English report. Every gap is ranked by risk, with a clear fix for each one. Where a fix needs tools or our help, we attach a scoped quote. All of it inside 8 working hours of the review.
Get your free check and written quote
No cost for the assessment. You only pay if you ask us to fix something.
What you get at the end
Not slides. A short document your team can act on this week.
- A map of where your personal data lives, across email, cloud, devices, and backups.
- Your gaps ranked by penalty exposure, so you fix the expensive risks first.
- A clear fix for each gap, with what you can do in-house and what we can do for you.
- A scoped quote for any tooling, so nothing surprises you later.
Many firms take the report and act on it themselves. That is fine. The check is built to be useful on its own.
DPDP readiness check vs a full compliance audit
People mix these up. Different jobs, and you usually want the lighter one first.
| Readiness check (this) | Full compliance audit | DIY checklist | |
|---|---|---|---|
| Time | Days | Weeks to months | Whenever you get to it |
| Cost | Free to start | Sizeable engagement | Your team’s hours |
| Output | Ranked gaps plus a fix plan | Formal certified findings | A list you scored yourself |
| Best for | Knowing where you stand and what to fix first | Proving compliance to a board or regulator | A rough first guess |
Start with the readiness check. It tells you whether you even need the heavier audit yet. It works around whatever data tooling you already run, Microsoft Purview included. Where you have nothing, our own Secure Data Guard service closes the email and USB gaps the check usually finds.
Which industries need this most
Any business holding personal data has DPDP duties. Four types feel the pressure first.
BFSI and lenders
You hold KYC, account, and transaction data, and you already answer to the RBI. DPDP adds a second set of duties. The check shows where the two overlap and where you have new work.
Pharma and healthcare
Patient and trial data is sensitive under the Act. The bar is higher, and so is the penalty if it leaks.
IT and ITES
You process data for clients, often from outside India. Your customers will ask for proof you handle it correctly, and many already do during vendor reviews.
Manufacturing and logistics
Large workforces mean large employee files, plus vendor and customer records spread across plants and branches. The data is everywhere, which is the problem the check solves.
Questions Indian buyers ask us
Is the DPDP readiness assessment really free?
Yes. The check, the call, and the written gap report cost nothing. You only pay if you ask us to fix something, and that price is in the report so you decide with full information.
How long does it take?
The review itself is quick once we have access to look. You get your written report and any quote within 8 working hours of that review.
Will you need access to our systems?
We work read-only and only on the systems you point us to. We change nothing without your written go-ahead. The goal is to see your setup, not to touch it.
We already use Microsoft 365. Are we covered?
Microsoft 365 gives you tools, not compliance. The check shows which controls you already have and which are switched off.
What if the report says we have serious gaps?
Then you found out from us, on your terms, not from a regulator or a breach. Every gap comes with a fix, ranked so you start with the one that matters most.
Who runs the assessment?
Our Secure Data Guard team in Vashi, Navi Mumbai. The same people who would help you close the gaps, so nothing gets lost in a handover.
Read these before you decide
Want to understand the law first? Start here.
- DPDP Act penalties for mid-size Indian companies, the real numbers explained.
- A complete DPDP Act 2023 guide for MSMEs.
- The DPDP compliance package, for when you are ready to close the gaps.
- Email DLP and USB device control, the two fixes we find most.
- Already collecting data? Review your privacy notice and your data rights and grievance process.
Or explore the full Secure Data Guard service and our wider cloud and security stack, Microsoft Purview included.
Get your DPDP readiness check
Twenty minutes to start. A written, ranked fix plan back in 8 working hours. No cost, no obligation.
200+ Indian businesses trust us. Questions? Email care@siriusstar.in
P.S. A Pune logistics firm booked the check thinking they were fine. The report found 40 GB of old customer data on an open shared drive, three years past its use. They fixed it in a day. Better you find that than someone else.
Who is DPDP Readiness Assessment for Indian Businesses a good fit for in India?
DPDP Readiness Assessment for Indian Businesses works best for Indian businesses that already have established workflows around the related platforms, need DPDP-compliant data residency, and want a single accountable partner for deployment plus quarterly tuning. Sirius Star runs the entire lifecycle — scoping, deployment, training, and renewal — from a Navi Mumbai engineering team.
How long does DPDP Readiness Assessment for Indian Businesses deployment take?
A typical DPDP Readiness Assessment for Indian Businesses rollout in India takes 2-6 weeks from purchase order to production cutover, depending on scope. Sirius Star follows a phased plan: scoping call within 8 working hours of enquiry, design review within 5 days, deployment waves, then a 30-day stabilisation window before handing over to your team or our managed retainer.