Free tool · No email required

Estimate your
DPDP penalty exposure

Answer six quick questions. Get a section-wise breakdown of what the DPDP Act could cost your company, grounded in the actual Schedule and Section 33(2) factors.

Start the calculator
01Company size
02Industry
03Number of users
04What kinds of personal data do you handle? (select all)
05In the last 2 years, have you had any data security or privacy issues?
06If your customer data was leaked tomorrow, how prepared would your team be?

This is an indicative estimate, not legal advice. Actual penalties are determined case-by-case by the Data Protection Board of India.

Coming soon

The full Neriq platform.

This calculator estimates. Neriq finds.

  • Connect your stack. We map every system that touches personal data.
  • Find what's broken. DPDP gaps ranked by which deals they're blocking.
  • Ship the evidence. Audit-ready exports buyers actually accept.
Please enter a valid email address.

By submitting, you agree to receive updates about our launch. We collect your email address only. You can withdraw consent or request deletion at any time: dpo@neriq.ai.

Founding members get lifetime locked-in pricing. Or reply to narendra@neriq.ai to talk to me directly. Narendra, founder.

DPDP Act 2023

The five penalty categories companies need to know.

India's Digital Personal Data Protection Act sets penalties for these five things. Each carries a different maximum, from ₹50 crore to ₹250 crore.

Section 8(5) Reasonable security safeguards. Failing to encrypt, control access, or log how customer data is used. Up to ₹250 crore
Section 8(6) Breach notification. Not telling the Data Protection Board within 72 hours of a personal data breach. Up to ₹200 crore
Section 9 Children's data. Processing personal data of users under 18 without verifiable parental consent. Up to ₹200 crore
Section 10 Significant Data Fiduciary obligations. Annual DPIA and audit, India-based DPO, algorithmic risk diligence. Up to ₹150 crore
Schedule Item 7 Other violations. Consent failures, retention failures, cross-border transfer issues. The catchall for everything else. Up to ₹50 crore

How this calculator works

This estimates a likely penalty range using the seven factors named in Section 33(2) of the Act: nature, gravity and duration of the breach; type and sensitivity of personal data affected; repetitive nature of the contravention; whether the person realised gain or avoided loss; mitigation actions taken and timeliness; proportionality and deterrent effect; and likely impact of the penalty on the person.

Mitigation is the biggest single lever. A documented, tested breach response plan can reduce exposure substantially.

This is an indicative estimate, not legal advice. Actual penalties are determined case-by-case by the Data Protection Board of India. The Rules' substantive provisions come into force in phases starting around May 2027 (eighteen months after notification, per Rule 1). For binding legal opinions, consult a qualified Indian privacy lawyer.