'Most Innovative Startup 2020' by RSA - Watch the video

Learn More

India PDPB

Get PDPB compliant with the most comprehensive PrivacyOps platform.

Download the book today!

PrivacyOps - Automation & Orchestration for Privacy Compliance
Download Book
Available in PDF

In December 2019, India, following several other countries' footsteps on the privacy laws' developments, introduced the Personal Data Protection Bill (PDPB) to regulate the processing, collection, and storage of personal data.

The PDPB seeks to effectively protect personal data and provide a comprehensive legal framework for processing personal data. It also includes data principals' rights (Data subjects’ rights) and lays down a mechanism for unauthorized and harmful personal data processing remedies and fines. The PDPB imposes obligations on all businesses operating in India to reassess their data processing practices, policies, and safeguards.

The solution

SECURITI.ai enables organizations to comply with India's PDPB regulations through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

securiti dashboard

SECURITI.ai supports enterprises in their journey toward compliance with the India PDPB regulation through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various sections of the India PDPB.


Customize a data subject rights request portal for seamless customer care


Create customized web forms according to your brand image with the DSR request format and accept verified data principal rights requests. Automate the initiation of fulfillment workflows when verified requests are received.

dsr portal
dsr handling

Automate data subject access request handling

PDPB Sections: 17, 21

Data principals need to be notified about their data privacy rights and organizations are required to simplify the initiation of verified DSR requests. The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the requests.

Secure fulfillment of data access

PDPB Section: 17

Disclosure of information to the data principals within a limited time frame of receiving a verifiable data request is a must for any organization looking to comply. This will be free of charge and delivered through a secure, centralized portal.

data access request
data rectify request

Automate processing of rectification requests

PDPB Section: 18(1)(a)(b)(c), 18(2)(3)(4)

With the help of automated data principal verification workflows across all appearances of a data principal’s personal data, you can seamlessly fulfill all data rectification requests.

Automate erasure requests

PDPB Section: 18(1)(d),18(2)(3)(4)

Fulfill data principal’s’ erasure requests, swiftly, through automated and flexible workflows.

data erasure request
personal data monitoring tracking

Continuous monitoring and tracking

PDPB Sections: 23, 28, 29

Keep track of risks involved by continuously scanning and monitoring data against non-compliance to subject rights, security controls, or data residency.

Automate People Data Graph


Discover personal information stored across all your internal and external systems within the organization and link them back to unique data principal. Also, visualize personal data sprawl and identify compliance risks.

personal information data linking
cookie consent

Meet cookie compliance

PDPB Sections: 11, 23(3)(4)

Automatically scan the web properties within your organization, categorizing tags, and cookies. Also, build customizable cookie banners, collect consent, and provide a preference center.

Monitor and track consent

PDPB Sections: 11, 12, 23(3)(4)

Track consent revocation of data principals to prevent the transfer or processing of data without their consent. Seamlessly demonstrate consent compliance to regulators and data principals.

consent preference management
Assess GDPR readiness

Assess PDPB readiness

PDPB Sections: 7, 22, 23, 24, 26(2), 27, 29, 30, 32

With the help of our multi-regulation, collaborative, readiness, and DPIA system, you can gauge your organization's posture against PDPB requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against PDPB requirements.

Map data flows

PDPB Sections: 22(1), 23, 28(1), 27

Track data flows in your organizations, trace this data, catalog, transfer, and document business process flows internally and to service providers or third parties.

map data flows
manage vendor risk

Manage vendor risk

PDPB Sections: 7(1)(h), 24, 27, 26, 30, 31

Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.

Breach Response Notification

PDPB Section: 25

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

breach response notification

Key data subject rights encoded within PDPB

Right to Confirmation and Access: Data principals can access their personal data or obtain confirmation from the data fiduciary regarding their personal data whether it is being processed or not.

Right to Correction and Erasure: Data principals can seek correction of inaccurate, incomplete, update, or erasure of their personal data.

Right to Data Portability: In certain circumstances, where the processing has been carried out through automated means, the data principal may receive the personal data in a structured, commonly used and machine-readable format, and also have their personal data transferred from one fiduciary to another.

Right to be Forgotten: Data principals may restrict data fiduciaries to continuing disclosure of their personal data if the consent is withdrawn or it has served the purpose of data processing or collection

Notification Requirement: Data fiduciaries must notify data principals to collect or process their personal data with certain information described under Section 7 of the PDPB

Quick facts about PDPB

Data principals may bring claims to adjudicating officers appointed by the DPA for compensation, and there is also a mechanism to permit group actions.
PDPB is applicable to personal data collected, stored, shared, or processed within India's territories.
Data fiduciaries or data processors who are not in India's territorial limits but are involved in carrying out business or systematic offering of services or goods to individuals in India also come under the application scope of PDPB.
Serious and substantive violation of the provisions of the PDPB regarding the processing of personal data is punishable with a fine approximately INR. 150,000,000.or 4% of the annual turnover of the data fiduciary, whichever is higher.
Data fiduciaries are obliged to undertake transparency and accountability measures like security safeguards, instituting grievance redressal mechanisms for data principals' complaints, and privacy by design policy.
PDPB introduces the concept of consent managers under Section 21 of the PDPB, who will manage the data principals' consent to data fiduciaries.
The PDPB imposes criminal liability on re-identification and processing of de-identified personal data without consent with imprisonment of up to three years, or fine, or both.