Twelve questions. Twelve statutory domains. Each mapped to specific sections of the Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025.
Significant Gaps
0–12 points
Partial Readiness
13–24 points
Advancing Maturity
25–36 points
Consent Architecture
Section 6, Rules 3–4
Grievance Redressal
Section 13, Rule 8
Breach Notification
Section 8(6), Rule 7
Children's Data
Section 9, Rules 10–12
Cross-Border Transfers
Section 16
SDF Obligations
Section 10, Rule 9
Data Protection Officer
Section 10(2), Rule 9
Vendor & Processor Governance
Section 8(2)
Data Retention & Erasure
Section 8(7)
Data Protection Impact Assessment
Rule 14
Privacy Notice Compliance
Section 5, Rule 3
Board-Level Governance
Section 10, Companies Act §166
Takes approximately 5 minutes · 12 questions · Scored 0–36