Law4u - Made in India
Home
Lawyer Signup Download Apps

What Are The Penalties Under The DPDP Act, 2023?

Cyber and Technology Law

Answer By law4u team

The Digital Personal Data Protection Act, 2023 (DPDP Act) establishes a comprehensive framework for the protection of personal data in India. It outlines specific penalties for various breaches to ensure compliance and safeguard individuals' privacy. The Data Protection Board (DPB) is empowered to impose these penalties, considering factors such as the nature and gravity of the breach, the type of personal data affected, and the actions taken by the data fiduciary to mitigate the breach.

Penalties Under the DPDP Act, 2023

Offence Maximum Penalty
Failure to take reasonable security safeguards to prevent data breaches ₹250 Crores
Failure to notify the Board or affected data principal of a data breach ₹200 Crores
Breach of obligations related to children's data ₹200 Crores
Breach of obligations by significant data fiduciaries ₹150 Crores
Breach of duties by data principals ₹10,000
Breach of terms of voluntary undertaking accepted by the Board Up to applicable breach penalty
Breach of any other provision of the Act or rules made thereunder ₹50 Crores

Note: All penalties are credited to the Consolidated Fund of India.

Factors Considered in Determining Penalties

The Data Protection Board considers the following factors when determining the amount of monetary penalty:

  • Nature, gravity, and duration of the breach
  • Type and nature of the personal data affected
  • Repetitive nature of the breach
  • Gain or loss resulting from the breach
  • Mitigating actions taken and their effectiveness
  • Proportionality and effectiveness of the penalty in ensuring compliance
  • Likely impact of the penalty on the offender

Example

Scenario:
A significant data fiduciary fails to implement reasonable security safeguards, resulting in a data breach affecting a large number of individuals' personal data.

Steps:

  • Incident Occurrence: The data fiduciary's system is compromised due to inadequate security measures.
  • Notification: The fiduciary fails to notify the Data Protection Board or the affected individuals within the stipulated time frame.
  • Investigation: The Data Protection Board conducts an inquiry and determines the breach is significant.
  • Penalty Imposition: Considering the factors mentioned above, the Board imposes a penalty of ₹150 Crores on the data fiduciary.

This example illustrates the process and considerations involved in the imposition of penalties under the DPDP Act, 2023.

Our Verified Advocates

Get expert legal advice instantly.

Advocate Gaurav Singh Pundir

Advocate Gaurav Singh Pundir

Anticipatory Bail,Cheque Bounce,Child Custody,Civil,Criminal,Cyber Crime,Divorce,Motor Accident

Get Advice
Advocate Pradeep Kumar Yadav

Advocate Pradeep Kumar Yadav

Anticipatory Bail, Cheque Bounce, Child Custody, Consumer Court, Corporate, Court Marriage, Customs & Central Excise, Criminal, Cyber Crime, Divorce, Documentation, GST, Domestic Violence, Family, High Court, Insurance, International Law, Labour & Service, Medical Negligence, Motor Accident, Muslim Law, NCLT, Patent, Property, R.T.I, Recovery, RERA, Startup, Succession Certificate, Supreme Court, Trademark & Copyright

Get Advice
Advocate Masood Alam

Advocate Masood Alam

Civil, Family, Divorce, High Court, Anticipatory Bail

Get Advice
Advocate Tushar Tiwari

Advocate Tushar Tiwari

Anticipatory Bail,Cheque Bounce,Civil,Court Marriage,Cyber Crime,Divorce,Documentation,Family,High Court,Property,Recovery,Succession Certificate,Wills Trusts

Get Advice
Advocate Mukesh Kumar

Advocate Mukesh Kumar

Anticipatory Bail, Banking & Finance, Criminal, Domestic Violence, High Court, Motor Accident, Divorce, Family, Cheque Bounce, Court Marriage, Customs & Central Excise, Cyber Crime, Insurance, NCLT, Supreme Court

Get Advice
Advocate Mahesh Sharma

Advocate Mahesh Sharma

Cheque Bounce, Civil, Criminal, Divorce, Domestic Violence, Family, Insurance, Motor Accident, Property, R.T.I, Revenue

Get Advice
Advocate Rajat Prasad

Advocate Rajat Prasad

Anticipatory Bail, Arbitration, Breach of Contract, Cheque Bounce, Consumer Court, Corporate, Criminal, Cyber Crime, Domestic Violence, High Court, Insurance, Labour & Service, Landlord & Tenant, Media and Entertainment, Medical Negligence, Motor Accident, R.T.I, Startup, Supreme Court, Trademark & Copyright, Documentation, Armed Forces Tribunal, Wills Trusts, Property, Tax, Immigration, Divorce, International Law, Patent, Recovery, Civil, Banking & Finance, GST

Get Advice
Advocate Bharat Lal Sahu

Advocate Bharat Lal Sahu

Motor Accident, Divorce, Domestic Violence, Family, Insurance, Court Marriage, Labour & Service, Medical Negligence, Consumer Court

Get Advice

Cyber and Technology Law Related Questions

Discover clear and detailed answers to common questions about Cyber and Technology Law. Learn about procedures and more in straightforward language.

16-Dec-2025 | Cyber and Technology Law

Can Elder Abuse Victims Relocate For Safety?
Read Now By Law4u
16-Dec-2025 | Cyber and Technology Law

How Effective Is The Maintenance And Welfare Of Parents And Senior Citizens Act?
Read Now By Law4u
16-Dec-2025 | Cyber and Technology Law

Can You Sue An E-Commerce Platform For Fraud?
Read Now By Law4u
16-Dec-2025 | Cyber and Technology Law

How Does India Collaborate Internationally On Cybersecurity?
Read Now By Law4u
16-Dec-2025 | Cyber and Technology Law

What Are The Legal Duties Of A CISO?
Read Now By Law4u
16-Dec-2025 | Cyber and Technology Law

What Is Penetration Testing?
Read Now By Law4u
See More Questions