Crystal Crop Protection
DPO Dashboard · DPDPA 2023 Compliance Overview
Pending Actions
Items requiring DPO attention
DPDPA Obligations Checklist
Chapter II — Data Fiduciary obligations
Rights Requests §11–14
Consent Overview §6
Consent Management §5 · §6
Notice delivery, consent collection, withdrawal tracking — per DPDPA 2023
Key obligation: Consent must be free, specific, informed, unconditional and unambiguous §6(1)
Every request for consent must be in clear and plain language, with the option for the Data Principal to access it in English or any language in the Eighth Schedule to the Constitution. §6(3)
Consent Log
Pending Notices
Withdrawals
Children §9
Data Principal Rights §11–14
Access · Correction & Erasure · Grievance · Nomination requests
Grievance must be resolved within the prescribed period §13(2)
The Data Principal must exhaust the Data Fiduciary's grievance mechanism before approaching the Board. §13(3) · The Board may be approached only after internal redressal.
Open
In Progress
Closed
Incident Management §8(5) · §8(6)
Personal data breach log, Board notification, affected principal tracking
Board & Affected Principal Notification Required §8(6)
In the event of a personal data breach, the Data Fiduciary shall give the Board and each affected Data Principal intimation of such breach in the prescribed form and manner. There is no numerical deadline in the Act text — the timeline will be specified in rules to be notified by the Central Government. Document all notification actions with timestamps.
Record of Processing Activities §8
All personal data processing operations — lawful basis, purpose, retention, processors
Erasure obligation §8(7)
Unless retention is necessary for compliance with any law, the Data Fiduciary shall erase personal data upon consent withdrawal or when the specified purpose is no longer being served — whichever is earlier.
Notice Templates §5
Consent notices must inform: purpose, how to exercise rights, how to complain to the Board
Language requirement §5(3) · §6(3)
The Data Fiduciary shall give the Data Principal the option to access the notice in English or any language specified in the Eighth Schedule to the Constitution (22 scheduled languages).
Penalty Schedule Schedule to §33(1)
Monetary penalties as specified in the Schedule to the Digital Personal Data Protection Act, 2023 (No. 22 of 2023)
These are the penalties as enacted in the Act
The Central Government may amend the Schedule by notification, subject to the restriction that no amendment shall increase any penalty to more than twice the originally enacted amount. §42(1) · All penalty sums are credited to the Consolidated Fund of India. §34
1
Failure to take reasonable security safeguards to prevent personal data breach
Breach of §8(5)
Breach of §8(5)
Up to ₹250 Crore
2
Failure to notify the Board or affected Data Principals of a personal data breach
Breach of §8(6)
Breach of §8(6)
Up to ₹200 Crore
3
Breach of additional obligations in relation to children
Breach of §9 — verifiable parental consent, no tracking/targeted advertising
Breach of §9 — verifiable parental consent, no tracking/targeted advertising
Up to ₹200 Crore
4
Breach of additional obligations of Significant Data Fiduciary
Breach of §10 — DPO appointment, data auditor, DPIA, periodic audit
Breach of §10 — DPO appointment, data auditor, DPIA, periodic audit
Up to ₹150 Crore
5
Breach of duties of Data Principal
Breach of §15 — impersonation, false grievances, suppression of material information
Breach of §15 — impersonation, false grievances, suppression of material information
Up to ₹10,000
6
Breach of any term of voluntary undertaking accepted by the Board
Under §32
Under §32
Up to extent applicable for underlying breach
7
Breach of any other provision of this Act or the rules made thereunder
Up to ₹50 Crore
Determination factors per §33(2): nature, gravity and duration of breach · type and nature of personal data affected · repetitive nature · gain or loss avoided · mitigation action taken and its timeliness · proportionality · likely impact on the person.
Organisation Settings
Data Fiduciary details, DPO contact, grievance mechanism §8(9) · §8(10)
Data Fiduciary Details
Organisation name
Industry / Sector
CIN / Registration No.
Nature of processing
Data Protection Officer §10(2)(a)
Required for Significant Data Fiduciaries · DPO must be India-based
DPO Name
Email (publicly published)
Phone
Grievance helpline §8(10)
The DPO contact must be published in the prescribed manner. §8(9)