India's first omnibus personal data protection law — phased rollout underway, with sectoral overlays from RBI, SEBI, and CERT-In.
Any data fiduciary processing digital personal data of data principals in India.
Up to ₹250 crore per breach event (Schedule penalties); compounded for repeated violations.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Consent or legitimate use as the lawful basis (notice-and-consent model).
Rights of data principals: access, correction, erasure, grievance redressal, nomination.
Significant Data Fiduciary obligations including DPIA, data audit, and DPO appointment.
Notification of personal data breaches to the Board and affected data principals.
Cross-border transfers to all countries except those notified as restricted.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
Consent management system with versioning and withdrawal handling.
Data principal request workflow with statutory timelines.
Significant Data Fiduciary toolkit — DPIA, data audit, DPO registry.
Breach notification timer with Board-format export.
Restricted-country transfer gates that block non-compliant flows.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
Consent ledger with audit trail.
Data principal request register.
DPIA library for high-risk processing.
Breach register with Board notifications.
These frameworks share substantial control overlap with DPDP. Customers running one assessment typically satisfy the others with the same evidence base.
India
RBI's cybersecurity framework spanning circulars for banks, urban co-operatives, NBFCs, and payment system operators.
India
SEBI's Cybersecurity and Cyber Resilience Framework — applicable to stock exchanges, depositories, brokers, AMCs, and other SEBI-registered intermediaries.
India
CERT-In's 2022 Cyber Security Directions — incident reporting, logging, and 180-day retention requirements.
European Union
The EU's General Data Protection Regulation — the global gravity well of privacy law since 2018.
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.