Every engagement is scoped to your size, sector and risk profile. Below is what we do — and how it fits together into a coherent compliance posture.
A 4-to-6 week structured diagnostic that maps your current data practices against every applicable clause of the DPDPA. You receive a prioritised remediation roadmap with effort, cost and risk estimates for each gap — usable by your board and your auditors.
We translate the gap assessment into working artefacts: privacy notices that hold up legally and read well, consent flows that work in your apps, retention schedules engineers can enforce, and a breach response playbook tested through tabletop exercises.
For organisations classified as Significant Data Fiduciaries, the DPDPA requires the appointment of a Data Protection Officer based in India and accountable to the board. Our retainer model gives you a qualified, dedicated DPO without the cost and complexity of an in-house hire.
Compliance is a people problem before it's a paperwork problem. We deliver role-based training tailored to boards, frontline staff, engineering teams, and HR — with completion certificates that form part of your audit evidence.
Annual independent audits performed against the DPDPA and its supporting rules. We produce a documented evidence pack that can withstand regulator scrutiny, customer due diligence, and board review — and we tell you what to fix before anyone else asks.
Our engineering team implements the technical layer of DPDPA — consent management platforms, data-subject request portals, encryption-at-rest controls, and breach-monitoring dashboards — integrated with the systems you already run.
Compliance work has a reputation for producing slide decks no one reads. Our deliverables are designed to be used — by operators, by auditors, and by the regulator if it ever comes to that.
A single-number, multi-axis assessment your board can track quarter over quarter.
A complete Record of Processing Activities — the foundational document under DPDPA.
Privacy policy, internal SOP, retention schedule, breach playbook, vendor due diligence pack.
Attendance logs, completion certificates and assessment scores — ready for any audit.
Templated, fact-based responses to common Data Protection Board enquiries — ready to deploy.
A standing review that flags drift, new regulatory updates, and emerging risks.