Turn data protection compliance
into competitive advantage.

The data protection law states the need for lawful processing versus the right to protect personal data. Personal data collected – of prospects, customers, employees, partners, suppliers – will need to be done so with clear and plain consent and processed only for the purpose stated.

data protection

Indian Data Protection

Complying with Indian data protection law is now a breeze. We have done the heavy lifting, so you can remain compliant. You can login to our dashboard and get started with your data protection compliance in minutes. You can create consent pages; register systems collecting personal data; and enable data registry through simple APIs across all your touchpoints collecting personal data.

Learn more

Steps to comply with Indian DPDP law?

You can start your data protection compliance with simple steps. The Atlas DPDP solution will guide you through discovery, consent management, handling processing activities, requests, and grievances, all in a single unified dashboard.

Learn more

1

Discovery – Use our semi-automated process to identify data sources, classify and categories your data, build the policies and purposes to adhere to the law.

2

Policy and Purpose – Following the Discovery phase, register all systems/vendors and the data policy (data collection, processing, sharing etc) and their Purpose in the Atlas registry.

3

Design Consent – Automatically generate the consent pages based on the systems and policies. The consent pages can be customised and generated in 10 Indian languages.

4

Consent Manager – Record all of the customer consents in one central place with all of the audit details needed for DPDP compliance.

5

Consent Initiation – Initiate consents for any system and any version right from your data collection systems with simple APIs or no code links.

6

Consent Search – Search for a customer record and view consent provided as Proof of Consent – an essential compliance requirement.

7

Consent Checks – Ensure that every system intending to process personal data is approved in the registry and invokes the APIs for consent checks prior to processing data.

8

Processing Activities – Ensure that every system processing data logs the details before processing or raise red flags for non-compliance.

9

Customer Requests – Review all changes requested by customers—automate requests using a set of rules or assign them to system owners for completion.

10

Customer Request Forms – Enable standard customer request forms that can be handled centrally within the Atlas Registry.

11

Customer Grievances – Manage all DPDP grievances in one place with workflow for assignment/completion and reporting.

12

Reports – A 360-degree view of customer data, consent %, compliance %, systems accessing data, complaints, redressals, reports for auditors etc.

13

Admin – Org management, User management, role management, logs, general settings and more to have more control over your data.

14

APIs – APIs for integrating the Atlas Registry with internal and external data processors: register processing requests, check for consent permissions, invoke consent pages to the User, automate customer requests; reminders and alerts.

Key Features of Atlas DPDP Solution

Plug-and-Play
Safeguard personal data with our easy-to-use dashboard or easy to integrate APIs.
Data Registry
A simple registry to register all your consents in one place. Invoke the APIs to make registry entries.
Clear Consent
Clear, plain and multilingual consent page pre-built that you can use for getting customer consent.
System Registry
Add your systems, data captured by your systems and purpose details to auto build the consent page.
Dedicated Support
We are real and friendly humans, not bots, ready to lend a hand, whenever you need us.
Remain Compliant
Remain compliant with the Digital Data Protection Act 2023 and earn customer’s trust instantly.

Discover Data

Discovery of what you have is the first step towards your DPDP compliance. We help you with a semi-automated process to identify core systems, profile and classify personal data, apply policy models and define the purpose for which the data is collected.

Learn more
data protection
data protection

Register Systems

Register your systems and data protection policy, encompassing data collection, processing, purpose, transfer, and storage across internal and external systems. Ensure that every system requiring access has sufficient privileges and processes data in accordance with customer consent.

Learn more

Multilingual Consent

Enable transparent and clear customer consent for data processing. Ensure users understand and agree to how their data will be processed across your systems. Configure multi lingual consent pages automatically (to be available in 9 Indian languages) to build trust with your customers.

Learn more
data protection
data protection

Consent Management

Provide consent notices to your customers across all touchpoints using our no-code dashboard. Allow customers to view and provide their consent in the language of their choice. Once the consent is submitted, it is stored within the central consent management dashboard.

Learn more

Verify Consent

Enable all of your systems to ensure they have consent prior to processing customer data. This will help you remain compliant with DPDP law and ensure full transparency across your data processing activities.

Learn more
data protection
data protection

Processing Activities

Log every processing activity undertaken on a customer record. This will ensure that your organization complies with data processing limits and that data is processed only for the purposes for which consent was granted.

Learn more

Process Requests

Empower customers to modify their data processing preferences across all your channels (Web, Mobile, Branch) through simple APIs or no-code Dashboard. Seamlessly process change requests ensuring swift updates to how customer data is handled.

Learn more
data protection
data protection

Address Grievances

Allow customers to submit and track their grievances. Use our standard pre-built forms for collecting grievances and sending notifications. You can assign system owners to address and resolve grievances on time to remain fully compliant with DPDP law.

Learn more

Build Trust

Trust between consumers and businesses is at an all-time low. Providing clear consent and explaining to the user what data is collected, how the data is processed, who has access, and the grievance mechanisms can help build significant trust with your consumers.

Learn more
data protection

Data Protection law of India
Frequently Asked Questions

What is Digital Personal Data Protection Act of India?

The new data protection law of India (DPDP Act) that was passed in August 2023 will affect every business entity in India, and affect every aspect of a business in India. At its core, it states the need for lawful processing and the right to protect personal data. Therefore, all of the data collected – of prospects, customers, employees, partners, suppliers etc – will need to be collected with explicit and clear consent and provide full rights to the data owners to update or revoke processing of data beyond the most essential within the ambit of the data protection laws of India.

What is personally identifiable information (PII) or personal data?

Any data about an individual, when used alone or in conjunction with other relevant information, can identify that individual.

Is the DPDP act similar to the GDPR act in Europe?

Much like the GDPR there are four key pillars to the data protection law:

Data Principal – The data owner (or data subject as in GDPR) who has ultimate control over their personal data and how its processed.

Data Fiduciary – The data controller takes ultimate responsibility for usage and processing of personal data strictly in accordance with the consent received from the data principal.

Data Processor – The data processor helps with the processing and storage of personal data. In most cases the data processer will be data fiduciary themselves but can appoint a third-party organisation to process data on their behalf.

Informed Consent – A clear, unambiguous consent presented to customers before collecting and processing data. Note that the consent can be corrected or revoked at any time by the data principal.

What does the law mean by Data Processing?

Data processing refers to all things that can be done with data such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction. In short it refers to anything you do with personal data in your hands.

How does organisations go about protecting personal data as per the Indian Data Protection law?

While this will take an organisation wide change, at the most fundamental level, the key questions that every business need to ask when collecting personal data is:

  • What data are we capturing?
  • How do we use and process data?
  • Where is data getting stored?
  • Who has access to data?
  • Is the consent plain and clear?
  • Do we provide a way to address grievances?

A clear set of answers to the above will keep the organisations compliant with the digital personal data protection law. And the Atlas Dashboard Data Registry helps with the process to get started immediately.

What is Atlas Data Registry and how can it help?

Atlas Data Registry is a set of APIs, SDKs and no code GUI to help you get started on your data protection journey without any delays. You can add your systems and the data they collect and data they share into the data registry. You can create consent pages and enable them during onboarding of your customers across all your channel touch points. Every system capturing personal data will make a registry entry of the consent and the system capturing personal data. Note that no personal PII data is ever stored in the Data Registry. Your systems can query the Data Registry for the consent provided prior to processing data legally. All the requests raised by Data Principals can also be viewed and approved in a single place. In addition, you will have comprehensive reports to ensure you are fully compliant with the data protection law.

Does Atlas Data Registry store any of the personal data?

NO. The Data Registry simply registers the metadata (data about data) when capturing personal data. Your data will reside where they normally reside. The Data Registry will ensure that all of the data processing is done as per the consent given by the customer. So systems registered in the Registry can request for permission to enrol and query the registry to obtain the permission granted prior to processing data. For instance, if a System wants to send you personalised advertisement to your mobile, the system can first query the Registry for the permission granted by you. If you have denied permission for advertisement, the system cannot use your data for the same. Simple as that.

How do I get consent from my existing customers to process data?

This is poised to be the most challenging task for businesses in India. Nonetheless, we have significantly simplified the process. Utilize our consent designer in the Atlas Dashboard to easily create consent pages for various stakeholders—customers, employees, vendors, etc. Simply share the link via email or registered mobile to obtain their informed consent. The consent page allows users to review the collected and processed data shared with third parties. Users can provide informed consent, and this information will be securely stored in the data registry. It's essential to note that this is a one-time exercise to ensure ongoing compliance. And then you use our APIs for real time consent capture.

Will I as a small business have to comply with the Indian Data Protection Law?

Absolutely. The law to protect personal data is not only meant for large organisations such as Banks, Insurance and Telecoms. It applies to every company, big or small, that collect personal data from anyone such as customers, employees, suppliers and so on. If the data is held digitally, then it is incumbent on you to comply with the law. The good news is, it is not scary to get started. With some simple steps, you can get started for free using our Atlas Dashboard. Book a demo to see how you can be on your way to turn compliance into competitive advantage.

If you are a very small entity with few customers and few employees then you can manage with simple email-based consent letters. However, if you are a growing company with many new customers, then its best to use a technology solution such as ours right from the start.

How will organisations be judged by customers for protecting their personal data?

Organisations will be judged not just for their brand value and instead judged by how they safeguard their privacy without the ad bombs and SMS hinderances and more recently wading into our private WhatsApp communications disrupting every aspect of our lives from getting life done.

  • What data does the organisation collect?
  • Is the consent provided to me clear?
  • Is the data collected only for the purposes informed in the consent?
  • Is the data adequate (not more) for the product/service I am choosing?
  • How does the organisation secure my data?
  • What data does the organisation share with others for legitimate processing?
  • Is my data sold to third parties (other than the purpose for which it was obtained)?
  • What rights do I have to my data?
  • Can I control the use of my data? – e.g. restrict access to third parties, erase etc
  • Can I download use of my data?
  • How easy it is for me to control my data?
  • Is there a grievance officer that I can complain if my queries are not heard?

How do I start the DPDP process?

Migrating to the new DPDP regime is not easy. While a reasonable amount of effort was added to protect data, the DPDP law mandates user consent at the centre of data processing which is a step change in how data was handled thus far. Migrating to DPDP regime requires a concerted effort to identify all of the source systems collecting PII data, storage systems, data processors handling PII data, purpose for which PII data is handled and fresh data consent from data owners. A massive effort is needed to get the required consent before going ahead with processing of data from here on which will impact every system handling PII data at the moment. We have largely simplified the process with the system enrolment, consent designer and simple plug and play APIs. Please book a demo so you can see for yourself how you can begin the journey towards lifelong data protection compliance.

What control do data principals have over their data?

Citizens – data principals, have ultimate right to view how their data is being processed and change or revoke their preferences anytime. In particular, data principals have the following rights under the current data protection law.

  • Right of access
  • Right to correction
  • Right to erasure
  • Right to withdraw consent
  • Right to grievance redressal
  • Right to nominate any other individual who, in the event of death or incapacity of the data principal, can exercise their rights under the Act.
Talk to an expert
Battle tested technology.
Use it just the way you want it.

Whether you are just starting out or you are miles ahead and want to optimise your customer experience, you can use our technology just the way you imagine it. In multiple ways for multiple use cases.

Native Mobile SDKs

Offline Android and iOS components for identity capture. Works without internet connection. Quick integration into your native Apps. Tested in over 1000+ mobile devices.

View SDK Documentation video kyc
Cloud APIs

Restful APIs that can be integrated instantly without worrying about infrastructure or auto scaling. Our battle tested AWS environment is ISO 27001:2013 certified and monitored 24x7.

View API Documentation video kyc
On-Premise

Use our technology deployed as Docker containers in your own servers. In this set up there are no external calls outside your servers giving you total control over your data.

Contact Sales video kyc
Cloud Dashboard (no-code)

Get started instantly and begin your identity verification projects. The dashboard provides you with everything you need to onboard your customers as per prevailing regulations.

Book a demo video kyc

Trusted technology platform.

Trust is hard to earn. We certainly do not earn them through paid advertising. Instead, we earn your trust by providing a high-quality product and reliable service that you can count on. Every single day.

Patented technology
Patented technologies matured over 14 years with proven accuracy, quality and scale.
Support that truly supports
Whatever it takes, we are here to help you succeed with our tools and services.
Secure enterprise platform
Use our cloud platform to get started now. Or deploy this within your own premises.
Pricing that makes sense
Pay per transaction with discounts as you scale. Or annual subscription with unlimited usage.

Trusted by 150+ customers worldwide

Book a free demo

Built for flexibility, compliance and reliability to serve multiple industry segments.

video KYC
Banks
video KYC
Insurance
video KYC
Telco
video KYC
Ecommerce
video KYC
Fintech
video KYC
Healthcare
video KYC
Delivery
video KYC
Gig Economy
video KYC
Governments