Governance

Data Protection Board of India (DPB)

Defined in §18-26, DPDPA 2023

The independent statutory body responsible for adjudicating DPDPA complaints and imposing penalties on violators.

What does “Data Protection Board of India (DPB)” mean?

The Data Protection Board of India (DPB) is the statutory authority established under DPDPA 2023 to enforce the Act. Its functions include: receiving and adjudicating complaints from Data Principals, conducting inquiries into breaches, imposing monetary penalties, and directing remedial measures. The Board operates digitally by default and its proceedings are conducted through an online portal. It is designed to function as a quasi-judicial body with powers to summon, examine evidence, and issue binding orders.

Why does this matter for your business?

The DPB is your regulator. It can impose penalties up to Rs 250 crore per violation. Understanding its processes, complaint intake mechanisms, and enforcement priorities helps you prioritise compliance efforts effectively.

Real example

A Data Principal files a complaint with the DPB that a Gurugram e-commerce company ignored their erasure request for 60 days. The Board investigates, finds the company had no DSR process, and imposes a Rs 50 lakh penalty plus mandatory compliance directions.

Common misconception

The DPB is not yet fully operational with a robust complaint-resolution track record. However, building compliance now is essential — enforcement can begin at any time and penalties are retrospective to the Act's commencement.
