Rs 250 Cr
Security Safeguard Failure
Section 8(5)
Failure to implement reasonable security safeguards resulting in a personal data breach.
Free Tool
Estimate your organisation's maximum penalty exposure under the Digital Personal Data Protection Act, 2023. Select your violation categories for an instant calculation.
Section 33 Schedule
Rs 250 Cr
Section 8(5)
Failure to implement reasonable security safeguards resulting in a personal data breach.
Rs 200 Cr
Section 8(6)
Failure to notify the Data Protection Board and affected data principals of a breach.
Rs 200 Cr
Section 9
Non-compliance with verifiable parental consent or children's data processing safeguards.
Rs 150 Cr
Section 10
Failure to meet the additional obligations of a Significant Data Fiduciary, including DPO appointment, data protection impact assessment, and independent audit.
Rs 50 Cr
Schedule, residual entry
Consent obligations, purpose limitation, retention limits, or data principal rights.
Penalties are per-instance maximums with a fixed-cap model. Unlike GDPR, which calculates fines as a percentage of global turnover, the DPDP Act applies the same ceiling regardless of company size. The Data Protection Board retains full discretion over the actual amount imposed.