Skip to main content

Q5 - What is the maximum penalty for breaches under DPDPA?

Answer

The penalty depends on the nature of violation:

  • Up to ₹250 crore for major failures like not adopting reasonable safeguards or failing to report serious breaches.
  • Lower penalties for less severe failures (e.g., not providing a grievance mechanism).
Example
  • A telecom operator exposing millions of call records without safeguards could face top-end fines.
  • A small retailer delaying response to a handful of access requests may face a much smaller penalty.