The DPDP Act 2023 carries some of the heaviest data-protection penalties in the world: up to ₹250 crore for failing to keep data reasonably secure, up to ₹200 crore for mishandling children’s data or failing to report a breach, and up to ₹50 crore for other breaches. For education — where most data belongs to minors — the ₹200 crore children’s-data ceiling is the one to watch. This article explains how penalties are decided, what triggers them in a school, and how to avoid the common traps.
What actually triggers a fine in a school
- Leaked spreadsheet, lost laptop, photos without consent, no breach report.
How the Board decides the amount
- Nature, gravity, duration, mitigation.
FAQ
Q: What’s the maximum DPDP fine?
A: Up to ₹250 crore for failing to maintain reasonable security safeguards.
Q: Can a small school really be fined crores?
A: Penalties are capped maximums; actual amounts consider gravity and mitigation — but the legal exposure is real.

Call Now
WhatsApp