Statutory Penalty Calculator

DPDP Act 2023 Penalty Exposure Estimator

Calculate your maximum statutory liability under India's Digital Personal Data Protection (DPDP) Act, 2023 based on operational compliance gaps.

Identify Compliance Gaps

Select the gaps that apply to your current systems or privacy framework. Statutory limits are mapped directly to Schedule 1 of the DPDP Act 2023.


Scale of Data Subjects Impacted 10,000+ users
< 1,000 10,000+ 100,000+ 1M+ 10M+ (Enterprise)
MAX STATUTORY EXPOSURE
250 Cr
HIGH RISK EXPOSURE

Your business is highly exposed. Adequate data protection protocols must be initialized immediately to avoid crippling penalties under Section 8(5).

Section / Violation Max Cap

Secure Your Enterprise Gaps

Audit and align your policies with DPDP 2023 instantly.

LexGuard AI scans your privacy policy, uncovers hidden non-compliant clauses, and drafts ready-to-use corrections in under 2 seconds.

Understanding DPDP Act 2023 Penalties

How are penalties under the DPDP Act 2023 calculated?

Penalties are determined based on the specific category of violation as defined in Schedule 1 of the Act. Factors like nature, gravity, and duration of the breach, repetitive behavior, and mitigation steps taken will affect the final fine assessed by the Data Protection Board of India (DPBI).

What is the difference between Section 8(5) and Section 8(6) penalties?

Section 8(5) dictates the failure to take reasonable security safeguards to prevent a breach, which is capped at ₹250 Crore. Section 8(6) dictates the failure to notify the Board and affected data subjects in the event of a breach, carrying a penalty of up to ₹150 Crore.

Are startups exempt from these penalties?

No. Startups do not receive blanket exemptions from statutory penalties. However, the Central Government may exempt certain classes of fiduciaries (e.g. based on data volume) from specific obligations, but breach liability remains highly active for all commercial enterprises.

Does the scale of users impacted affect my fine?

Yes. While the statutory caps are absolute (e.g., ₹250 Crore), the Data Protection Board of India evaluates the actual damage and number of affected individuals. Our Exposure Estimator factors this in using a scale multiplier to provide realistic risk levels.