Under India's DPDP Act 2023, Data Fiduciaries must notify the Data Protection Board of India and affected Data Principals of personal-data breaches. The 2026 playbook: detect and contain quickly, classify scope using your data inventory, notify within required timelines, and run a post-incident review — with penalties up to ₹200 Crore for failure to notify.
Prepare before it happens
Build a breach response plan with defined roles, notification templates and drills. Readiness is what keeps you compliant and calm under pressure.
Detect, classify, notify
Use detection to spot incidents fast, your data inventory to scope impact, and pre-built templates to notify the Data Protection Board and affected individuals on time.
Recover and learn
After containment, run a structured post-incident review and track remediation so the same gap can't recur.
FAQ
Yes. The DPDP Act 2023 requires notifying the Data Protection Board of India and affected Data Principals of personal-data breaches; failure can attract penalties up to ₹200 Crore.