Real-time 0–100 compliance health score. Module-level breakdowns. Regulator-ready PDF report in one click.
Without visibility: Compliance gaps are invisible until an audit or Board notice surfaces them. By then, the penalty clock has already started.
Composite score across consent, rights, breach, policy, inventory, and processor coverage. Updates within the hour.
6 module health cards, each with status label (Healthy / At Risk / Critical) and individual score.
30/90/365-day trend chart. See compliance trajectory over time for board reporting.
Unified view of all open rights request deadlines, breach notification windows, and DPIA review dates.
One-click single-page PDF formatted for board presentations. No design work required.
Record of Processing Activities export in regulator-acceptable format. DPDPA S.10 obligation covered.
Full score history, RoPA export, and board PDF available from Growth plan onwards.
The 0–100 score is a weighted composite across 6 modules: consent setup (20%), rights request SLA performance (20%), breach reporting (20%), data inventory completeness (15%), privacy policy publication (15%), and processor Data Processing Agreement coverage (10%). Module weights reflect penalty exposure under DPDPA — consent and breach carry the highest individual penalties.
A Record of Processing Activities (RoPA) is a structured document listing every category of personal data your organisation processes, along with purpose, legal basis, retention period, and processor details. Under DPDPA S.10, Significant Data Fiduciaries (SDFs) are required to maintain an up-to-date RoPA. DPDPA Shield generates your RoPA automatically from your data inventory — no manual spreadsheet required.
A missing or expired DPA with a data processor reduces your processor coverage module score and surfaces as a critical issue in the compliance dashboard. Processor obligations under DPDPA are the Data Fiduciary's responsibility — the Act makes clear that outsourcing processing does not outsource liability. The dashboard shows each processor's DPA status: SIGNED, MISSING, or EXPIRED.
The Board PDF is designed as an executive summary — useful for board presentations and internal governance reviews. For regulator submissions, we recommend exporting the full RoPA and individual module evidence packages (closure PDFs, incident logs, consent audit trails). The compliance dashboard links to each of these exports from a single interface.
Dashboard goes live as you activate modules. Free trial, no credit card required.
A plain-language guide to understanding DPDPA obligations for Indian startups and SMEs.
Read articleOneTrust is built for GDPR. Here is what that means for an Indian startup trying to comply with DPDPA.
Read articleProve every consent. Court-admissible SHA-256 proof.
Learn moreOTP-verified portal. 30-day SLA countdown.
Learn moreNever miss the 72-hour Board notification window.
Learn moreMap every asset, processor, and data flow. Auto-generate RoPA.
Learn moreTrack, score, and treat every DPDPA risk. Growth+.
Learn moreAutomated security scoring for every data processor. Growth+.
Learn moreAI-curated DPDPA updates. Never miss an enforcement signal.
Learn moreChildren's data, DPIA, SDF — highest-penalty coverage.
Learn more