Everything from

EY India

1 resource from EY India we point founders to, and the questions each answers.

📄 Article
✓ Link checked India Free Beginner

Why we picked it If you take emails or money from people in India, the DPDP Act is the law your privacy page now has to answer to, and this EY guide walks through it in plain terms instead of pure legalese. It is honest about what a small founder actually owes (a clear consent notice, a way for people to access or delete their data, breach reporting) versus the heavier obligations that only kick in at scale. Treat it as a starting point to understand the shape of the law, not as your lawyer.

Decoding the Digital Personal Data Protection Act, 2023

From EY India by EY India ~15 min read

  • Your privacy notice has to be in clear, plain language and spell out what data you collect, why, and how someone can get it corrected or erased.
  • Small startups are not on the hook for a full-time data officer or annual audits, but you still owe a consent notice, a 90-day response window on data requests, breach reporting, and reasonable security.
  • Non-compliance penalties run high (up to 250 crore), so getting the basics on your site early is cheaper than fixing it later.
Open ey.com