DPDP Compliance
Real DPDP compliance starts with technical security, not just paperwork.
DPDP Compliance is a service-led offering: we audit your infrastructure, applications, vendor contracts, and internal policies against the Digital Personal Data Protection Act 2023, then walk you through a documented roadmap. NDA-first, vendor-neutral, technical not just legal.
Engagement tiers
PUBLIC PRICING
Basic Review
Rs 18K - 30K
1 WEEK
- Risk-posture review
- Top 10 gap report
- 30-min walkthrough
Full Assessment
POPULAR
Rs 45K - 90K
3 WEEKS
- Full audit, all 5 surfaces
- Risk register and CVSS map
- Roadmap with milestones
- Final readout call
2-Month Programme
Rs 1L - 2L
8 WEEKS
- Full assessment
- Implementation guidance
- Independent re-test
- Sign-off + retainer option
FOUR PHASES . PREDICTABLE CADENCE
Discovery to verification
- Discovery (WEEK 1): Scope, NDA, kickoff
- Assessment (WEEK 2-3): Tech and policy review
- Roadmap (WEEK 4): Prioritised plan, owners
- Verification (WEEK 5+): Independent re-test, sign-off
# discovery_call . 47 min
nda_signed sealed=ok jurisdiction=IN
scope_locked surfaces=infra,app,data,vendor,policy
kickoff_scheduled date=2026-05-04
phase_complete advancing_to_assessment
Gap analysis report
SAMPLE
Lotus Hospitals — DPDP Gap Analysis
27 Apr 2026 . 18 pages . confidential
- Surfaces audited: 5
- Findings raised: 34
- High priority: 9
The hospital uses a multi-cloud setup with patient records housed in two RDS instances and a legacy on-prem fileshare. We assessed encryption at rest, RBAC implementations, retention controls, vendor DPAs, and grievance workflow. Nine findings rate as high priority. The remediation plan, scoped at four weeks of effort, is attached.
Implementation roadmap
OWNERS . DATES
- Encrypt legacy fileshare (BitLocker on-prem): DONE
- Document retention matrix per data category: IN PROGRESS
- Sign DPAs with all sub-processors: IN PROGRESS
- Build grievance redressal workflow: QUEUED
- Independent re-test and sign-off: QUEUED
How we operate
TRUST POSTURE
Lawyer-sealed NDA
Signed before any discovery work begins. Indian-law jurisdiction. Two-way confidentiality.
Vendor-neutral
We do not resell tooling. We do not earn referral fees. Our recommendations are unencumbered.
Credly verified
Team certifications are publicly verifiable on Credly. Real badges, not slide-deck claims.
Non-intrusive testing
We do not run destructive tests against production without an isolated environment and explicit consent.
Under the hood.
Five surfaces where DPDP compliance is won or lost.
DPDP compliance is not a single thing to certify. It is a posture across infrastructure, applications, data flows, vendor contracts, and internal policies. We audit all five and report on each in plain English, with technical evidence behind every claim.
- Cloud and on-prem infrastructure posture
- Application security (web, mobile, internal tools)
- Data flow mapping and lifecycle review
- Vendor and sub-processor contracts
- Internal policies, RBAC, and incident response
Four phases, predictable cadence.
We run engagements in four phases. Discovery to scope and inventory. Assessment to find the gaps. Roadmap to prioritise the fixes. Verification to confirm closure. Each phase has documented inputs, outputs, and decision points.
- Discovery: scoping, NDA, kickoff
- Assessment: technical and policy review
- Roadmap: prioritised plan with owners and dates
- Verification: independent re-test and sign-off
Technical depth, vendor-neutral, NDA-first.
Most DPDP advisory shops are law firms with a checklist. We are a security team that reads the same law and runs the technical tests behind it. That difference shows up in the report. We sign an NDA before discovery. We do not resell tooling. The Credly badges on our team are real.
- Lawyer-sealed NDA before discovery starts
- Vendor-neutral findings (no resale incentives)
- Credly-verified credentials, not slide-deck claims
- Non-intrusive testing - no production impact
Free 30-minute scoping call. We tell you which tier fits and what an honest engagement looks like. Book at alcyonesecure.in.