DPDP Act 2023 · Now in Effect — Is Your Website Ready?
Your Website Is
Breaking India's
Data Protection Law.
We've reviewed 150+ Indian websites. 93% had at least one critical DPDP gap — pre-ticked consent boxes, Google Analytics firing before consent, cookie banners with hidden Reject buttons. This 12-page checklist gives you a step-by-step audit of everything your website must fix. No lawyer required.
150+
Websites audited
3.8/10
Avg compliance score
93%
Had critical violations
₹250Cr
Maximum penalty
Early pricing ends soon — lock in ₹249 before it goes to ₹499
23
hours
:
47
mins
:
38
secs
₹499
₹249
Save 50%
Get My Compliance Checklist — ₹249 →
12-page PDF · Instant access after payment · Secure via Razorpay
Secure payment via Razorpay
Instant access after payment
12 pages · 4 consent form templates
New to the DPDP Act?
India's new data privacy law is already in effect — and most business websites are already breaking it.
What it is
The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's first comprehensive data privacy law — similar to Europe's GDPR. It received Presidential assent on 11 August 2023 and the Rules were notified in 2025.
Who it applies to
Any website or app that collects personal data from people in India — including names, emails, phone numbers, or payment details. If you have a contact form, checkout page, or newsletter signup, it applies to you.
What happens if you don't comply
Penalties of up to ₹250 crore per violation. Enforcement powers sit with the Data Protection Board of India. The full compliance deadline is 13 May 2027 — but violations can be actioned now.
What you need to fix
Consent checkboxes, cookie banners, policy pages, how your analytics scripts load, and how you handle data requests. This checklist covers every requirement specifically for Indian business websites.
Sample items from the checklist
30 Checks. Prioritised by Risk.
Clear on What to Do.
Every item names the exact DPDP Act requirement, explains what the gap is, and tells you precisely what to implement — in plain English. No legal background needed.
Critical · Section 1 — Legal Foundations
Map every data flow before you process anything (ROPA)
You cannot lawfully process personal data without knowing what you collect, why, where it's stored, and how long you keep it. Complete data inventory required before any processing begins.
Critical · Section 2 — Website Compliance
Block Google Analytics, Meta Pixel, and all ad scripts until consent is given
These tools must not fire before the user explicitly consents. Pre-loading any analytics or ad script before consent is a direct, enforceable DPDP violation — this is one of the most common gaps we find.
Critical · Section 2 — Website Compliance
Remove all pre-ticked consent boxes from every form on your website
Default opt-ins are explicitly prohibited under DPDP. Consent must be a clear affirmative action — free, specific, informed, and unambiguous. This applies to every form: contact, newsletter, checkout, and lead magnets.
Critical · Section 5 — Cookie Banner
"Reject All" must be equally prominent as "Accept All" — no dark patterns
A grey, hidden, or visually smaller Reject button is a DPDP dark pattern. Both buttons must carry equal visual weight. Closing the banner cannot count as acceptance.
Critical · Section 3A — Privacy Policy
Privacy Policy must include all 10 mandatory elements (full checklist inside)
Data fiduciary identity, data categories, purpose per category, lawful basis, retention periods, third-party sharing, data principal rights, breach notification, cross-border transfer, and version date.
Critical · Section 6 — Breach Response
Notify Data Protection Board AND affected users within 72 hours of any breach
ALL breaches must be reported regardless of severity — with nature, data affected, timing, and mitigations. Pre-written notification templates included in Section 6.
— the 6 items above are just the critical violations found in the first 15 minutes of most audits. Inside: copy-paste consent language for every form type (Section 4), full cookie banner teardown (Section 5), Grievance Redressal Policy (Section 3D), and the 100-point self-scoring worksheet (Section 7).
Starter · 12-Page Guide
What You Get —
And What You'll Be Able to Do With It
A 12-page, step-by-step guide built for business owners, not lawyers. Every section maps to a real action you can take today. Most owners complete all checklist items within one working day.
DPDP Compliance Checklist
2026 Edition
2026
Critical · S1
Critical · S2
Advisory · S3
Critical · S4
Advisory · S5
What's inside
12 pages. Structured section by section. Yours in minutes.
30 prioritised checklist items across 7 sections
Legal Foundations → Breach Response
4 copy-paste consent form templates
100-point self-scoring worksheet
Plain English — no legal jargon
Tick Off Every Compliance Item in One Pass
Every DPDP-required element — from footer disclosures to form checkboxes — listed as clear, actionable tick-boxes. Open it, go page by page, and you'll know exactly what's done and what still needs attention. Most owners finish in under an hour.
The 5 Policy Pages Your Website Must Have — and What Goes in Each
Privacy Policy, Cookie Policy, Terms of Use, Data Retention Policy, and Grievance Redressal. For each one, we tell you exactly what content must be present and where the link must appear — so you're not guessing.
Copy-Paste Consent Text for 6 Form Types
Don't write consent language from scratch. We've done it for contact forms, enquiry forms, newsletter signups, callback requests, lead magnets, and account registration — all worded to meet DPDP's informed consent requirement. Paste it in. Done.
Cookie Banner Setup — Step-by-Step, No Developer Needed
What a DPDP-compliant cookie banner must say, what it must offer (accept, reject, and preference controls), and which third-party tools require consent before loading. Includes guidance on free and paid banner tools you can implement yourself.
Know Your Compliance Score in 10 Minutes
A weighted 100-point worksheet. Every compliance area carries a score. At the end you get a number — and a clear breakdown of what's critical, what's moderate, and what to fix first. Run it again after you make changes to track your progress to 100.
Who this is for
If your website has a contact form,
checkout, or signup page —
this is for you.
SMBs
Your contact form is collecting personal data. That makes you a Data Fiduciary under DPDP.
E-commerce
Every pre-ticked marketing consent box in your checkout is a direct DPDP violation.
Startup Founders
Building compliance in from day one is 10x easier than retrofitting it later.
SaaS Platforms
Every analytics script firing before consent is an enforceable liability.
Agencies
Use the scoring sheet as your standard client onboarding audit. Saves 3–4 hours per client.
Healthcare
Clinics and telehealth platforms process sensitive data with stricter DPDP obligations.
Education
Schools and EdTech platforms collecting student data have specific consent obligations.
Any Indian Website
If you collect names, emails, or phone numbers from anyone in India — the Act applies to you.
What customers say
Used by Indian Business Owners
& Compliance Professionals
We had no idea our pre-ticked newsletter checkbox was a direct DPDP violation. Section 4's copy-paste consent examples showed us exactly what to replace it with. Fixed our entire checkout consent flow in under an hour.
RK
Rahul Kapoor
Founder, Bengaluru D2C Brand · 45,000 customers
★★★★★
Section 2 caught that our Meta Pixel was firing before consent — that alone could have been a ₹250 crore liability. Section 5's cookie banner checklist showed our Reject button was visually smaller than Accept, which is a DPDP dark pattern. Our legal counsel was genuinely impressed with how thorough it was.
PM
Priya Mehta
CEO, SaaS Startup · Pune
★★★★★
I use the Section 7 Self-Scoring Sheet as my standard onboarding audit for all 12 clients. The 100-point worksheet gives every client a clear risk number and the Quick-Win Matrix tells them exactly what to do in week 1 vs. month 3. Saves 3–4 hours per client.
AS
Arun Sharma
Digital Compliance Consultant · Mumbai
★★★★★
About Webchirpy
Built by Practitioners,
Not Theorists
10+
Years experience
500+
Projects delivered
3–5d
Implementation turnaround
Webchirpy has spent 10+ years and 500+ projects building websites for Indian businesses. When the DPDP Act landed, we ran compliance audits on our own client sites — and found gaps in every single one we reviewed.
We built this checklist to fix that, for every Indian business owner who doesn't have a DPO on staff. It combines our technical expertise with a clear understanding of what the DPDP Act actually requires of business websites — no legal jargon, just actions.
Questions? Reach us at hello@webchirpy.in or +91 97914 91097
Frequently asked questions
Common Questions About
DPDP Compliance
The Digital Personal Data Protection Act, 2023 is India's first comprehensive data privacy law. It governs how organisations collect, process, store, and protect personal data of Indian residents and establishes a consent-based framework with penalties up to ₹250 crore for non-compliance. If your website collects any personal data from individuals in India — including names, emails, or phone numbers — it applies to you.
Any website that collects personal information from individuals in India should review its compliance obligations. This includes websites with contact forms, newsletter signups, user accounts, e-commerce checkouts, or any mechanism that collects names, emails, phone numbers, or similar personal data.
The checklist covers every website-level practice required under the DPDP Act for most Indian businesses — forms, policy pages, cookie banners, consent flows, and breach response. It won't cover edge cases specific to regulated industries like healthcare or fintech, which have additional obligations. For those, we recommend using this checklist alongside a qualified legal professional. For the vast majority of Indian business websites, this covers everything you need to fix.
You can read through the entire checklist in under an hour. Implementing the critical Week 1–2 items typically takes 2–4 hours without a developer. The average time to complete all checklist items is one working day — and you can track your progress with the 100-point self-scoring worksheet.
The checklist is delivered as a 12-page PDF instantly after payment via Razorpay. It includes 4 ready-to-use consent form templates you can copy directly into your website. You'll receive the download link immediately by email.
You can reach our team at hello@webchirpy.in or by calling +91 97914 91097. We'll get back to you within 1 business day. For implementation support, we also offer a full compliance implementation service.
2026 Edition · Updated for DPDP Rules 2025
93% of Indian websites have
at least one critical DPDP gap.
Find yours. Fix it. Before May 2027.
Everything you need to audit and fix your website's DPDP compliance — in one afternoon, for ₹249.
12 pages · 30 prioritised checklist items · 4 copy-paste consent templates · 100-point self-scoring worksheet
₹499
₹249
Save 50%
Get My Compliance Checklist — ₹249 →
Secure payment via Razorpay · Instant access after payment
Secure via Razorpay
Covers DPDPA 2023 + Rules 2025
Instant email delivery