The DPDP Audit Tool
Compliance for A/B Testing and Personalisation Audit

A/B Testing and Personalisation Audit
Liability Check

Your A/B tests and personalization engines are constantly processing personal data. Under the DPDP Act, failing to secure explicit consent for experimental tracking or collecting excess data for personalization can incur penalties up to ₹250 Crore.

Why A/B Testing and Personalisation Audit is at Risk

Growth teams at tech parks like Manyata or T-Hub often rely on cookies, device IDs, IP addresses, and behavioural data for A/B testing and personalizing user experiences. The DPDP Act considers much of this **personal data**. This means every experiment must clearly inform users (via **notice**) about what data is collected and its specific purpose, and must obtain their **explicit consent**. Crucially, the **data minimisation principle** applies: you can collect only the data strictly necessary for the experiment, and keep it no longer than needed. Failing to adhere to these principles for tools like Optimizely, VWO, or Adobe Target can expose your company to **significant compliance risks**.

Common Violations

  1. Processing **personal data (like IP addresses, device IDs, browsing history)** via A/B testing platforms (e.g., Optimizely, VWO) without obtaining **specific, granular consent** from users.
  2. Failing to provide a clear, easy-to-understand **privacy notice** that explicitly details how user data is collected and used for A/B testing and personalization experiments.
  3. Retaining **experiment-related personal data** longer than the specific purpose requires, or collecting excessive data beyond the **principle of data minimisation**.

The Immediate Fix

Audit all your A/B testing and personalization platforms (e.g., VWO, Optimizely, Google Optimize) to identify what personal data they collect and process. Update your website's privacy notice to explicitly detail how this data is used for experimentation. Immediately implement mechanisms to capture clear, purpose-specific consent for any non-essential cookies or data collection used in these efforts.


Projected Compliance Deadline: Immediate