Survey on DPDPA Compliance Tools

At FDPPI we started a “User Perception Survey on Privacy Software Compliance with DPDPA 2023” some time in January 2026.

The objective was to collect responses from DPOs and companies about their current experience of the tools they were using. We later requested the tool manufacturers also to use the same survey to report the utility of their tools.

During the survey, responses were sought on the following specific parameters which the tools were expected to have.

      1. Risk Assessment
      2. Data Discovery-Structured Data
      3. Data Discovery-Unstructured Data
      4. Classification of Data as per DPDPA requirements
      5. Creation of ROPA/Inventory of Processes
      6. Privacy Notice Generation
      7. Consent Collection
      8. Consent Lifecycle Management
      9. Consent Manager Handling
      10. Rights of Access and Deletion
      11. Rights of Grievance Redressal
      12. Rights of Nomination
      13. Management of pseudonymisation
      14. Management of Encryption
      15. Management of CIA of personal data
      16. Management of Data Breach Identification
      17. Data Breach Notification
      18. Cross Border Data Transfer
      19. Management of Verifiable Consent of guardian
      20. Management of Legitimate use based Processing
      21. Identification of Significant Data Fiduciary Status
      22. Management of Data Processing contracts
      23. Management of Processing under Processor’s control
      24. Management of Employee Data as an exclusive category
      25. Management of DRP/BCP
      26. Creation of Personal Data Inventory
      27. Management of Data Governance Structure
      28. Management of Data Retention
      29. Data Audit Management
      30. Any other

In this comprehensive list we had indicated what a DPO expects from the software.

We must admit that the responses received were lukewarm. Many responses were incomplete. Some were anonymous.

The reasons could be:

a) Experience of the industry is non-existent.

b) Tool developers themselves are not confident of speaking about their products.

c) Many of the tools listed in the survey are not being used by companies at this point of time and only exist as offerings.

We admit that some of the tool developers would like to consider their tool capabilities as confidential and would not like to expose the weaknesses at this time to the professional community.

The lack of response is therefore not surprising. However, we take on record that the first such survey in India has been done and will be repeated from time to time.

If some tool owners want to keep themselves out of such surveys, it is their choice.

All tools claimed to support “Risk Assessment”, but on the other parameters only a few claimed support. Most tools claimed support for Data Inventory creation, Consent Management and Classification, though we have our doubts on the quality of performance in these areas.

However, we look forward to further information from some of the tool developers who are likely to make their demo presentations to FDPPI, and hope to get good responses on the 29 points mentioned above.

Naavi

 

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.