今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#dataprotection

找到 1 篇相关文章

AI 资讯

DPDP compliance costs for Indian startups: what to budget before 13 May 2027

DPDP compliance costs for Indian startups: what to budget before 13 May 2027 Summary. Full compliance with India's Digital Personal Data Protection Act is due on 13 May 2027. That is the date consent, notice, security safeguards, breach intimation and data-principal rights all become enforceable, and it is roughly 10 months away. The DPDP Rules 2025 were notified on 13 November 2025 and land in three phases: the Data Protection Board of India stood up immediately, penalties and Consent Manager registration begin on 13 November 2026, and everything else bites on 13 May 2027. The penalty schedule is not proportionate to your size: up to ₹250 crore for failing reasonable security safeguards, ₹200 crore for failing to notify a breach, and ₹150 crore for missing Significant Data Fiduciary obligations. There is no revenue or headcount exemption. The cost gap is where founders get hurt. Vendors routinely quote ₹15 lakh to ₹2 crore for DPDPA compliance, while a startup under 10,000 users can be substantively compliant for under ₹50,000 a year. India's privacy and data governance market is worth roughly $1 billion to $1.5 billion today, per IDfy founder Ashok Hariharan speaking to Inc42 in April 2026, and a lot of that revenue depends on you not reading the rules yourself. This is a budgeting guide, not a legal opinion. The rules are short. Read them, then price the work. The deadline that actually matters There are three dates, and only one of them is a real deadline for most startups. Phase Date What switches on Does it affect a typical startup? Phase 1 13 November 2025 Data Protection Board of India established, Rules notified No direct obligation, but the Board can already receive complaints Phase 2 13 November 2026 Consent Manager registration opens, penalty framework and enforcement powers begin Only if you intend to register as a Consent Manager Phase 3 13 May 2027 Notice, consent, security safeguards, breach intimation, retention, children's data, data-principal righ

2026-07-16 原文 →