Turn data protection compliance
into competitive advantage.

The data protection law states the need for lawful processing versus the right to protect personal data. Personal data collected – of prospects, customers, employees, partners, suppliers – will need to be done so with clear and plain consent and processed only for the purpose stated.

data protection

Indian Data Protection

Complying with Indian data protection law is now a breeze. We have done the heavy lifting, so you can remain compliant. You can login to our dashboard and get started with your data protection compliance in minutes. You can create consent pages; register systems collecting personal data; and enable data registry through simple APIs across all your touchpoints collecting personal data.

Learn more

How do I comply with Indian Data Protection law?

You can start your data protection compliance with simple steps. Enrol your systems collecting PII data, state the purpose, create consent pages and collect consents from any customer touchpoint.

Learn more

1

Login to our Dashboard

2

Enrol your systems collecting personal data

3

Create consent page to obtain permission to process data

4

Make API calls to register PII data in the Data Register

5

Query Data Register for permissions before processing data

6

Enable consumers to update or revoke data usage permissions

Key Features of Data Protection

Plug-and-Play
Safeguard personal data with our easy-to-use dashboard or easy to integrate APIs.
Data Registry
A simple registry to register all your consents in one place. Invoke the APIs to make registry entries.
Clear Consent
Clear, plain and multilingual consent page pre-built that you can use for getting customer consent.
System Registry
Add your systems, data captured by your systems and purpose details to auto build the consent page.
Dedicated Support
We are real and friendly humans, not bots, ready to lend a hand, whenever you need us.
Remain Compliant
Remain compliant with the Digital Data Protection Act 2023 and earn customer’s trust instantly.

Register Consent

Protect personal data from the get go with our easy-to-use data registry system. Configure your systems collecting personal data across channels to make a data registry entry at the point of personal data capture.

Learn more
data protection
data protection

Register Systems

Register your systems and data protection policy, encompassing data collection, processing, purpose, transfer, and storage across internal and external systems. Ensure that every system requiring access has sufficient privileges and processes data in accordance with customer consent.

Learn more
data protection

Multilingual Consent

Enable transparent and clear customer consent for data processing. Ensure users understand and agree to how their data will be processed across your systems. Configure multi lingual consent pages (to be available in 9 Indian languages) to foster trust and compliance.

Learn more

Build Trust

Trust between consumers and businesses is at an all-time low. Providing clear consent and explaining to the user what data is collected, how the data is processed, who has access, and the grievance mechanisms can help build significant trust with your consumers.

Learn more
data protection
data protection

Process Requests

Empower customers to modify their data processing preferences across all your channels (Web, Mobile, Branch) through simple APIs or no-code Dashboard. Seamlessly process change requests ensuring swift updates to how customer data is handled.

Learn more

Address Grievances

Resolve grievances effortlessly through our intuitive dashboard. Empower customers to submit and track their concerns, while our platform ensures prompt and transparent issue resolution. You can assign system owners to complete and address the grievances on time to remain fully compliant with the data protections laws of india.

Learn more
data protection
data protection

Remain Compliant

With a one-time consent management effort through our simple excel upload feature, you can obtain consent from existing customers to start processing data. You can get started by using our no-code dashboard or our ready to use APIs.

Learn more

Data Protection law of India
Frequently Asked Questions

What is Digital Personal Data Protection Act of India?

The new data protection law of India (DPDP Act) that was passed in August 2023 will affect every business entity in India, and affect every aspect of a business in India. At its core, it states the need for lawful processing and the right to protect personal data. Therefore, all of the data collected – of prospects, customers, employees, partners, suppliers etc – will need to be collected with explicit and clear consent and provide full rights to the data owners to update or revoke processing of data beyond the most essential within the ambit of the data protection laws of India.

What is personally identifiable information (PII) or personal data?

Any data about an individual, when used alone or in conjunction with other relevant information, can identify that individual.

Is the DPDP act similar to the GDPR act in Europe?

Much like the GDPR there are four key pillars to the data protection law:

Data Principal – The data owner (or data subject as in GDPR) who has ultimate control over their personal data and how its processed.

Data Fiduciary – The data controller takes ultimate responsibility for usage and processing of personal data strictly in accordance with the consent received from the data principal.

Data Processor – The data processor helps with the processing and storage of personal data. In most cases the data processer will be data fiduciary themselves but can appoint a third-party organisation to process data on their behalf.

Informed Consent – A clear, unambiguous consent presented to customers before collecting and processing data. Note that the consent can be corrected or revoked at any time by the data principal.

What does the law mean by Data Processing?

Data processing refers to all things that can be done with data such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction. In short it refers to anything you do with personal data in your hands.

How does organisations go about protecting personal data as per the Indian Data Protection law?

While this will take an organisation wide change, at the most fundamental level, the key questions that every business need to ask when collecting personal data is:

  • What data are we capturing?
  • How do we use and process data?
  • Where is data getting stored?
  • Who has access to data?
  • Is the consent plain and clear?
  • Do we provide a way to address grievances?

A clear set of answers to the above will keep the organisations compliant with the digital personal data protection law. And the Atlas Dashboard Data Registry helps with the process to get started immediately.

What is Atlas Data Registry and how can it help?

Atlas Data Registry is a set of APIs, SDKs and no code GUI to help you get started on your data protection journey without any delays. You can add your systems and the data they collect and data they share into the data registry. You can create consent pages and enable them during onboarding of your customers across all your channel touch points. Every system capturing personal data will make a registry entry of the consent and the system capturing personal data. Note that no personal PII data is ever stored in the Data Registry. Your systems can query the Data Registry for the consent provided prior to processing data legally. All the requests raised by Data Principals can also be viewed and approved in a single place. In addition, you will have comprehensive reports to ensure you are fully compliant with the data protection law.

Does Atlas Data Registry store any of the personal data?

NO. The Data Registry simply registers the metadata (data about data) when capturing personal data. Your data will reside where they normally reside. The Data Registry will ensure that all of the data processing is done as per the consent given by the customer. So systems registered in the Registry can request for permission to enrol and query the registry to obtain the permission granted prior to processing data. For instance, if a System wants to send you personalised advertisement to your mobile, the system can first query the Registry for the permission granted by you. If you have denied permission for advertisement, the system cannot use your data for the same. Simple as that.

How do I get consent from my existing customers to process data?

This is poised to be the most challenging task for businesses in India. Nonetheless, we have significantly simplified the process. Utilize our consent designer in the Atlas Dashboard to easily create consent pages for various stakeholders—customers, employees, vendors, etc. Simply share the link via email or registered mobile to obtain their informed consent. The consent page allows users to review the collected and processed data shared with third parties. Users can provide informed consent, and this information will be securely stored in the data registry. It's essential to note that this is a one-time exercise to ensure ongoing compliance. And then you use our APIs for real time consent capture.

Will I as a small business have to comply with the Indian Data Protection Law?

Absolutely. The law to protect personal data is not only meant for large organisations such as Banks, Insurance and Telecoms. It applies to every company, big or small, that collect personal data from anyone such as customers, employees, suppliers and so on. If the data is held digitally, then it is incumbent on you to comply with the law. The good news is, it is not scary to get started. With some simple steps, you can get started for free using our Atlas Dashboard. Book a demo to see how you can be on your way to turn compliance into competitive advantage.

If you are a very small entity with few customers and few employees then you can manage with simple email-based consent letters. However, if you are a growing company with many new customers, then its best to use a technology solution such as ours right from the start.

How will organisations be judged by customers for protecting their personal data?

Organisations will be judged not just for their brand value and instead judged by how they safeguard their privacy without the ad bombs and SMS hinderances and more recently wading into our private WhatsApp communications disrupting every aspect of our lives from getting life done.

  • What data does the organisation collect?
  • Is the consent provided to me clear?
  • Is the data collected only for the purposes informed in the consent?
  • Is the data adequate (not more) for the product/service I am choosing?
  • How does the organisation secure my data?
  • What data does the organisation share with others for legitimate processing?
  • Is my data sold to third parties (other than the purpose for which it was obtained)?
  • What rights do I have to my data?
  • Can I control the use of my data? – e.g. restrict access to third parties, erase etc
  • Can I download use of my data?
  • How easy it is for me to control my data?
  • Is there a grievance officer that I can complain if my queries are not heard?

How do I start the DPDP process?

Migrating to the new DPDP regime is not easy. While a reasonable amount of effort was added to protect data, the DPDP law mandates user consent at the centre of data processing which is a step change in how data was handled thus far. Migrating to DPDP regime requires a concerted effort to identify all of the source systems collecting PII data, storage systems, data processors handling PII data, purpose for which PII data is handled and fresh data consent from data owners. A massive effort is needed to get the required consent before going ahead with processing of data from here on which will impact every system handling PII data at the moment. We have largely simplified the process with the system enrolment, consent designer and simple plug and play APIs. Please book a demo so you can see for yourself how you can begin the journey towards lifelong data protection compliance.

What control do data principals have over their data?

Citizens – data principals, have ultimate right to view how their data is being processed and change or revoke their preferences anytime. In particular, data principals have the following rights under the current data protection law.

  • Right of access
  • Right to correction
  • Right to erasure
  • Right to withdraw consent
  • Right to grievance redressal
  • Right to nominate any other individual who, in the event of death or incapacity of the data principal, can exercise their rights under the Act.
Talk to an expert
Battle tested technology.
Use it just the way you want it.

Whether you are just starting out or you are miles ahead and want to optimise your customer experience, you can use our technology just the way you imagine it. In multiple ways for multiple use cases.

Native Mobile SDKs

Offline Android and iOS components for identity capture. Works without internet connection. Quick integration into your native Apps. Tested in over 1000+ mobile devices.

View SDK Documentation video kyc
Cloud APIs

Restful APIs that can be integrated instantly without worrying about infrastructure or auto scaling. Our battle tested AWS environment is ISO 27001:2013 certified and monitored 24x7.

View API Documentation video kyc
On-Premise

Use our technology deployed as Docker containers in your own servers. In this set up there are no external calls outside your servers giving you total control over your data.

Contact Sales video kyc
Cloud Dashboard (no-code)

Get started instantly and begin your identity verification projects. The dashboard provides you with everything you need to onboard your customers as per prevailing regulations.

Book a demo video kyc

Trusted technology platform.

Trust is hard to earn. We certainly do not earn them through paid advertising. Instead, we earn your trust by providing a high-quality product and reliable service that you can count on. Every single day.

Award winning technology
Patent pending technologies matured over ten years with proven accuracy, quality and scale.
Support that truly supports
Whatever it takes, we are here to help you succeed with our tools and services.
Secure enterprise platform
Use our cloud platform to get started now. Or deploy this within your own premises.
Pricing that makes sense
Pay per transaction with discounts as you scale. Or annual subscription with unlimited usage.

Trusted by 150+ customers worldwide

Book a free demo

Built for flexibility, compliance and reliability to serve multiple industry segments.

video KYC
Banks
video KYC
Insurance
video KYC
Telco
video KYC
Ecommerce
video KYC
Fintech
video KYC
Healthcare
video KYC
Delivery
video KYC
Gig Economy
video KYC
Governments