Downloadable Kit · 13 May 2027 Deadline
The DPDP Readiness Kit for Indian SMBs
The Rules are notified. The substantive obligations take effect 13 May 2027. The penalty schedule tops out at ₹250 crore for a security safeguards failure and ₹200 crore for a missed breach notification.
The kit converts that into work your firm can finish. Score yourself in twenty minutes. Work the punch list, one owner per gap. Deploy the templates as each area closes. Every section number, date and penalty figure verified against the gazette texts.
No compliance department required. One owner per row, four weeks of disciplined work.
12 files
Guide + workbooks + editable templates
₹2,999
Launch price. ₹4,999 after launch.
13 May 2027
Rules 3, 5 to 16 take effect
What's Inside
Ten deliverables. One documented readiness position.
Built for the firm that will do this itself. Each template carries its statutory citation next to the requirement, and a review-with-counsel line where counsel belongs.
Scored self-assessment
Excel workbook40 questions across consent, notice, data inventory, security, grievance, breach, children’s data and vendors. Auto-computed readiness score with per-section gap flags.
Gap-analysis worksheet
Excel workbookEvery failed assessment item mapped to the required action, a suggested owner, an effort estimate and the statutory basis. Your 30-day punch list.
Privacy notice templates
Word, editableEnglish and Hindi, built to the Rule 3 tests: itemised data description, per-purpose disclosure, working links for withdrawal, rights and Board complaints.
Consent-flow templates
Word, editableCopy blocks for sign-up, marketing, withdrawal confirmation, the pre-Act legacy-base notice and parental consent, plus a 14-point UX checklist for valid consent.
Data inventory and processing register
Excel workbookOne row per processing activity: purpose, lawful basis, retention, sharing, cross-border fields. Includes a retention schedule sheet with a worked example.
Appointment letters
Word, editableGrievance officer and DPO appointment letters plus the website publication checklist: what must appear on your site, with the section for each item.
Breach-response SOP
Word, editableThe decision tree, a roles table, and all three notification templates: initial Board intimation, the 72-hour detailed report, and the customer notice.
Vendor clause library
Word, editableTwelve DPDP-aligned contract clauses for data processor agreements: security safeguards, breach escalation in hard hours, sub-processing, erasure and audit.
Employee data policy
Word, editableEmployment-purposes processing under section 7(i), the consent line for everything beyond it, and a retention schedule your HR head can actually run.
Readiness guide and penalty one-pager
PDFThe work plan that ties it together: eight obligation chapters, a week-by-week schedule, and a one-page penalty table for whoever signs the budget.
Who It's For
Built for the firm without a compliance department.
Professional services, agencies, clinics, SaaS, trading firms. If personal data of customers or employees moves through your business, the obligations attach.
The MD who owns the risk
A 20 to 150 person firm, no compliance department, and a penalty schedule that now reads in crores. You need the work itemised, owned and finished, not a seminar.
The operations head told to "handle DPDP"
You were handed the acronym last quarter. The kit converts it into 40 questions, a scored verdict, and a punch list with owners and effort estimates.
The CA or consultant advising SMB clients
Your clients ask what DPDP means for them. The kit is the engagement structure: run the assessment, work the gaps, deploy the templates. Verified citations throughout.
Free · Start Here
The scored self-assessment. Free, by email.
The same 40-question workbook that anchors the paid kit. Answer the questions with your leadership team; the scorecard computes your readiness percentage and rates all eight obligation areas from Critical to Strong.
Twenty minutes. A scored verdict. Then you know whether you need the rest of the kit.
The Full Kit
One price. Twelve files. Instant download.
The complete work plan: guide, workbooks and editable templates. Checkout runs through Gumroad; the download is immediate.
Launch Price
₹2,999
₹4,999
- The readiness guide PDF: eight obligation chapters, the 30-day schedule.
- Three Excel workbooks: assessment, gap analysis, processing register.
- Seven editable Word templates: notices (EN + HI), consent, letters, breach SOP, vendor clauses, employee policy.
- The penalty one-pager for your board.
- Statutory citations verified against the gazette texts.
Who Built This
Built by the team that builds DPDP infrastructure.
ConsentOS is the DPDP compliance platform of CivicLayer Technologies Private Limited, an India-incorporated company that works on one problem: operational DPDP Act 2023 compliance for Indian businesses.
The kit carries the same discipline as the platform. Every date, section number and penalty figure in these templates was verified against the gazette texts of the Act and the DPDP Rules, 2025 (G.S.R. 846(E), 13 November 2025). Where the law is silent or unsettled, the templates say so instead of guessing.
Kit vs Platform
The kit is the starting point. The platform is the system.
Paperwork decays. Consent records, request clocks and breach timelines are operations, not documents. When the kit work is done, the platform keeps it true.
DPDP Readiness Kit · ₹2,999
- Your documented readiness position in 30 days of owned work.
- Templates, register, SOP and letters your team runs manually.
- One-time purchase. You do the work; the kit supplies the structure.
ConsentOS Platform · from ₹14,999/mo
- Consent records filed and retrievable as they happen.
- Data principal request workflows with running clocks.
- The operating system that keeps the kit's paperwork true.
Questions
Asked before buying.
What is the difference between the free self-assessment and the paid kit?
The free tier is the scored self-assessment workbook alone: 40 questions across eight obligation areas, delivered to your email. The paid kit adds the full work plan: the readiness guide PDF, gap-analysis worksheet, privacy notice templates in English and Hindi, consent-flow templates, data inventory and processing register, appointment letters, breach-response SOP with the 72-hour report formats, vendor clause library, employee data policy, and the penalty one-pager for your board.
Is the kit legal advice?
No. The kit is preparation infrastructure: verified statutory references, editable templates, and a work plan. Every template carries a review-with-counsel line. Statutory claims are verified against the gazette texts of the DPDP Act 2023 and the DPDP Rules 2025 (G.S.R. 846(E), 13 November 2025).
When do the DPDP obligations actually apply?
The DPDP Act 2023 is in force. The DPDP Rules 2025 commence in phases: the Data Protection Board framework from 13 November 2025, Consent Manager registration from 13 November 2026, and the substantive obligations (notice, security safeguards, breach intimation, retention, children's data, rights handling) from 13 May 2027.
How is the kit delivered?
Instant download via Gumroad: one zip containing the PDF guide, three Excel workbooks, seven Word templates and the penalty one-pager. The templates are editable; replace the square-bracket placeholders with your company details.
How is the kit different from the ConsentOS platform?
The kit is the starting point: it produces your documented readiness position in 30 days of owned work. The ConsentOS platform is the ongoing system: consent records, data principal request workflows, and breach clocks that operate continuously. Most kit customers graduate to the platform once the paperwork phase is done.
13 May 2027 does not move. Your readiness date can.
Start free with the scored self-assessment, or take the full kit and run the 30-day plan this week.