DPDP Knowledge Hub

Build Your DPDP Compliance Knowledge

India's most complete practitioner resource for the Digital Personal Data Protection Act 2023. From foundation to board assurance — structured, sequenced, free.

Go Deeper

Practitioner-Level Analysis

Applied guides and sector commentary for compliance teams who understand the law and need to act. Organised by topic.

Banks & NBFCs

DPDP implementation for RBI-regulated banks, ROPA, DPIA, and gap assessment guides

  • DPDP Implementation for RBI Banks (Part 4)
  • Building a DPDP-Compliant ROPA for Indian Banks
  • When Does Your BFSI Organisation Need a DPIA?
  • FAQ: Bank + Credit Bureau + BNPL Data Ecosystem
  • FAQ: NBFC + OEM Embedded Finance

Insurance & FinTech

Health data obligations, payment data governance, vendor management

  • FAQ: Health Insurer + Hospital TPA
  • Vendor & Processor Management: Practical Controls
  • FAQ: Telecom + UPI TPAP Consent Architecture

Risk Frameworks

FAIR model, PASTA threat modelling, CAI scoring

  • FAIR Model: How a CISO Won a ₹5Cr Budget During Cuts
  • PASTA Threat Modelling for Real Banking Systems

Regulatory Framework Guides

DPDP Act, RBI ITGRC, RBI DPSC, SEBI CSCRF, and UIDAI compliance guides for BFSI practitioners.

Datasheets & Checklists

Platform datasheets, DPO readiness checklists, and compliance action item templates.

Not sure where to start?

Begin with Guide 01 — DPDP Rules 2025 Explained. It takes 8 minutes and gives you the complete regulatory foundation.

Knowledge Portal

Practitioner Reference Library

Regulatory guides, checklists, and technical references for CERT-In, DPDP, SEBI, RBI, IRDAI, and VAPT compliance.

Interactive (New)

Consent vs Legitimate Use Quiz

12 DPDP Act 2023 scenarios — classify each as Consent, Legitimate Use, Exempt, or Prohibited.

Interactive (New)

STRIDE Threat Model Builder

4-step wizard, 6 STRIDE categories, risk rating + PDF export. Aligned to RBI TRA and SEBI CSCRF.

Interactive (New)

DPO Challenge Crossword

15-clue privacy governance crossword covering DPDP Act 2023 key terms and concepts.

Interactive (New)

ROPA Gap Spotter

Paste any ROPA entry — 12 client-side checks flag missing legal basis, retention, processors, and more.

Interactive (New)

Consent Fatigue Simulator

12 consent banners in 90 seconds — experience how fatigue drives DPDP §6 non-compliance.

Interactive (New)

DPDP Breach Decision Tree

Y/N flowchart: CERT-In 6-hour report vs DPB notification — know your dual reporting obligations.

Interactive (New)

Privacy by Design Audit Card

24-point DPDP §8(1) scorecard across 6 PbD domains with live ring and PDF export.

Interactive (New)

Data Principal Rights Quiz

10 DPDP Act scenario questions on §§11–14 & §17 rights. Score tiers from Expert to Needs Attention.

Interactive (New)

Privacy Governance Sudoku

A 4×4 puzzle where Policy, Control, Role, and Activity must fill each row, column, and 2×2 box exactly once.

Interactive (New)

DPIA Threat-to-Control Mapper

Drag 8 real-world privacy threats to the DPDP Act controls that neutralise them. A hands-on trainer for DPOs building DPIA muscle memory.

Board

What Your Board Actually Needs to See on a Cybersecurity Dashboard

8 dashboard widgets, financial quantification in ₹ crore, and the regulatory reporting table every BFSI board should review quarterly.

Board

12 Hard Board Questions on Cybersecurity — Answered

Evidence-backed answers to the questions India's BFSI boards actually ask: CERT-In readiness, director liability, DPDP DPAs, and SEBI CSCRF.

Board

From Tier 1 to Tier 4: BFSI Board Cybersecurity Maturity

NIST CSF 2.0 tiers mapped to SEBI CSCRF expectations. Most Indian boards sit at Tier 2; regulators expect Tier 3.

Board

Cyber Risk Quantification for BFSI Boards

FAIR v3.0, NIST 800-30, and Probabilistic VaR — board-ready cyber risk in ₹ crore, not heat maps.

CERT-In

The 6-Hour Rule: CERT-In Incident Reporting

Multi-regulator deadlines, criminal liability under IT Act §70B, and log retention requirements.

DPDP

DPDP Vendor DPA — Mandatory Clauses

Every clause required in a DPDP-compliant Data Processor Agreement under §8 and Rules 2025.

SEBI

SEBI CSCRF Control & Maturity Matrix

NIST CSF 2.0 tier alignment, maturity scoring per function, and CISO dashboard gate items.

IRDAI

IRDAI March 2025 Cybersecurity Revision

Board attestation timeline changes, 3 new control domains, tightened VAPT closure deadlines.

RBI

RBI IT Outsourcing Compliance Checklist

14 contractual clauses and 6 ongoing monitoring obligations for banks and NBFCs.

VAPT

From Nessus Report to Risk Findings with AI

AI-assisted VAPT parsing, UCL control mapping, severity deadlines, and IRDAI.AUDIT.1 auto-compliance.

Risk

STRIDE + PASTA Threat Modelling API Guide

11 routes, DFD enums, and regulatory mapping to RBI TRA, SEBI CSCRF SDLC, and IRDAI IS Audit.

GRC

Risk Graph vs Risk Register

Why static registers fail CISOs managing RBI, SEBI, and DPDP simultaneously.

CERT-In

CERT-In Incident Reporting Checklist

The 9-field mandatory format, 13 log source categories, and multi-regulator deadline matrix.
