DPDP Compliance for Micro Businesses (1-10 Employees)
Liability Check
Think you're too small for the DPDP Act? Think again. Your micro business is now fully liable for handling Indian citizens' personal data under the DPDP Act. Ignorance of the law is no excuse, and penalties can be steep.
Why Micro Businesses (1-10 Employees) Are at Risk
Many micro businesses in tech parks like Manyata or T-Hub believe DPDP Act penalties only hit big corporations. But whether you're a startup selling handmade goods online, a local consultancy, or a small SaaS provider, you process **Personal Data** – names, phone numbers, email IDs of your customers, employees, or website visitors. The DPDP Act applies directly to you. A single breach or non-compliance can lead to massive fines, potentially crippling your operations and reputation, far beyond what your typical revenue allows.
Common Violations
- 1. Collecting customer phone numbers and emails without clear consent or a valid purpose, often through 'contact us' forms.
- 2. Storing sensitive customer data (e.g., Aadhaar copies, financial details) in unsecured local systems or shared drives.
- 3. Failing to have an accessible, clear Privacy Policy on the website, or having one that does not accurately reflect data processing practices.
The Immediate Fix
Start by conducting a basic **Data Mapping exercise**. Identify all the personal data your business collects, where it's stored, and for what purpose. Then, ensure you have a clear, easily accessible Privacy Policy on your website that accurately details these practices and how individuals can exercise their rights.
Projected Compliance Deadline: Immediate