DPDP Penalties Explained: What a ₹200 Crore Fine Means for a School

DPDP Penalties Explained: What a ₹200 Crore Fine Means for a School

The DPDP Act 2023 carries some of the heaviest data-protection penalties in the world: up to ₹250 crore for failing to keep data reasonably secure, up to ₹200 crore for mishandling children’s data or failing to report a breach, and up to ₹50 crore for other breaches. For education — where most data belongs to minors — the ₹200 crore children’s-data ceiling is the one to watch. This article explains how penalties are decided, what triggers them in a school, and how to avoid the common traps.

What actually triggers a fine in a school

  • Leaked spreadsheet, lost laptop, photos without consent, no breach report.

How the Board decides the amount

  • Nature, gravity, duration, mitigation.

FAQ

Q: What’s the maximum DPDP fine?

A: Up to ₹250 crore for failing to maintain reasonable security safeguards.

 

Q: Can a small school really be fined crores?

A: Penalties are capped maximums; actual amounts consider gravity and mitigation — but the legal exposure is real.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *




Enter Captcha Here :