Skip to main content

Free Tool

DPDP Act Penalty Calculator

Estimate your organisation's maximum penalty exposure under the Digital Personal Data Protection Act, 2023. Select your violation categories for an instant calculation.

Select applicable violation categories

Choose your company size and at least one violation category.

Section 33 Schedule

DPDP Act Penalty Tiers

Rs 250 Cr

Security Safeguard Failure

Section 8(5)

Failure to implement reasonable security safeguards resulting in a personal data breach.

Rs 200 Cr

Breach Notification Failure

Section 8(6)

Failure to notify the Data Protection Board and affected data principals of a breach.

Rs 200 Cr

Children's Data Obligations

Section 9

Non-compliance with verifiable parental consent or children's data processing safeguards.

Rs 150 Cr

Significant Data Fiduciary Obligations

Section 10

Failure to meet the additional obligations of a Significant Data Fiduciary, including DPO appointment, data protection impact assessment, and independent audit.

Rs 50 Cr

Other Provisions

Schedule, residual entry

Consent obligations, purpose limitation, retention limits, or data principal rights.

Penalties are per-instance maximums with a fixed-cap model. Unlike GDPR, which calculates fines as a percentage of global turnover, the DPDP Act applies the same ceiling regardless of company size. The Data Protection Board retains full discretion over the actual amount imposed.