Is this a consulting service?

No, this is a free, interactive software tool that calculates your potential liability under the DPDP Act 2023 in 30 seconds. It provides an instant risk score and automated action plan.

What are common DPDP violations in DPDP Compliance for Co-working Space Operators?

Common violations include: Collecting and storing visitor Aadhaar/PAN details without clear, purpose-specific consent or a defined retention policy., Operating CCTV surveillance in common areas (or private offices) without clear, visible notices informing individuals of data collection, purpose, and retention., Not having proper Data Processing Agreements (DPAs) with third-party vendors (e.g., visitor management systems, access control providers, Wi-Fi analytics) that handle personal data on your behalf..

The DPDP Audit Tool

Compliance for DPDP Compliance for Co-working Space Operators

🏢

DPDP Compliance for Co-working Space Operators
Liability Check

📹

As a co-working space operator, every visitor, tenant, access log, and CCTV feed contains personal data you are liable for. Under the DPDP Act, you are a Data Fiduciary for this data, with penalties up to ₹250 Crore for non-compliance.

Why DPDP Compliance for Co-working Space Operators is at Risk

Co-working spaces are data-rich environments, collecting sensitive information from diverse individuals daily. This includes **visitor IDs**, tenant onboarding documents, biometric or RFID **access logs**, and pervasive **CCTV footage**. Each data point carries specific DPDP obligations regarding **consent, purpose limitation, storage, and security**. The shared nature of your workspace doesn't dilute your **fiduciary duties**; you're responsible for informing users, obtaining explicit consent, and safeguarding all personal data under your control, whether it's a temporary guest or a long-term tenant in a premium office at Cyber Hub.

Common Violations

1.Collecting and storing visitor Aadhaar/PAN details without clear, purpose-specific consent or a defined retention policy.
2.Operating CCTV surveillance in common areas (or private offices) without clear, visible notices informing individuals of data collection, purpose, and retention.
3.Not having proper Data Processing Agreements (DPAs) with third-party vendors (e.g., visitor management systems, access control providers, Wi-Fi analytics) that handle personal data on your behalf.

The Immediate Fix

Conduct a full data mapping exercise: identify every point where your co-working space collects personal data (front desk, access points, Wi-Fi, CCTV). For each data type, define the purpose of collection, the legal basis (consent is key!), and a strict data retention schedule. Update your privacy policy and ensure transparent consent mechanisms for all data subjects.