Log a breach. The 72-hour clock starts. We handle the rest — Board notification, principal alerts, evidence package.
Failing to notify the Data Protection Board within 72 hours is itself a ₹200 crore violation — on top of whatever caused the breach. No grace period.
Score-based classification using affected count, data sensitivity, and category. SEV 1–4 scale.
Prescribed DPDPA format pre-filled from incident data. Countdown timer visible at all times.
Batch email to affected principals with delivery receipts and immutable dispatch log.
All incident events stored with no UPDATE or DELETE. DB-level append-only enforcement.
Sev1/Critical incidents automatically fire a Slack alert to your security war-room channel.
Export a complete PDF evidence package including incident timeline, notification records, and CERT-In format report.
Breach logging, severity classification, Board notification, and evidence export on all plans.
Under DPDPA S.8(6), the 72-hour window begins the moment a Data Fiduciary "becomes aware" of a personal data breach. DPDPA Shield logs the exact UTC timestamp when you create an incident record — establishing a clear, defensible start time in your evidence trail. This timestamp is immutable and cannot be edited after the fact.
The prescribed notification format must include: (1) nature of the breach and categories of personal data affected, (2) estimated number of data principals affected, (3) likely consequences of the breach, (4) remediation and mitigation measures taken or proposed, and (5) contact details of your Data Protection Officer. DPDPA Shield pre-fills this from your incident data — you review and send in one click.
Yes, S.8(6) also requires notifying affected data principals "in such manner as may be prescribed." DPDPA Shield handles batch email notification to all affected principals with delivery receipts stored in an immutable log. The notification content, timestamps, and delivery status are all included in your regulator evidence package.
Failure to notify the Data Protection Board within 72 hours carries a penalty of up to ₹200 crore under S.8(6) — separate from any penalty arising from the breach itself. There is no grace period. The DPDPA Shield countdown timer with auto-escalation and Slack war-room alerts is specifically designed to prevent this outcome.
Set up breach workflows in under 15 minutes. Free trial, no credit card required.
What counts as a breach, what must be notified, and exactly how to avoid the ₹200 Cr penalty.
Read articleWhen to hire a consultant, when software is enough, and why most startups pick the wrong option.
Read articleProve every consent. Court-admissible SHA-256 proof.
Learn moreOTP-verified portal. 30-day SLA countdown.
Learn moreReal-time 0–100 compliance health score.
Learn moreMap every asset, processor, and data flow. Auto-generate RoPA.
Learn moreTrack, score, and treat every DPDPA risk. Growth+.
Learn moreAutomated security scoring for every data processor. Growth+.
Learn moreAI-curated DPDPA updates. Never miss an enforcement signal.
Learn moreChildren's data, DPIA, SDF — highest-penalty coverage.
Learn more