Golonex

Managed IT Services

EDR · MDR · XDR Email Security Backup & DR / BCP Staff Augmentation

🌍 Global

SOC as a Service Fractional Leadership Penetration Testing Compliance Readiness AI Automation Solutions Lab Our Work Industries About Contact Golonex Press ↗ Golonex Tools ↗ ◆ Golonex Ready Book a Call →
DPO-Led

DPDP is law. The deadline is May 2027. The clock is already running.

India’s Digital Personal Data Protection Act applies to nearly every organization handling personal data — and the heaviest obligations fall on Significant Data Fiduciaries (which most large BFSI firms will be). Full compliance and penalties — up to ₹250 crore for security failures — land on 13 May 2027.

Book a DPDP Readiness Review → All Readiness services →

Every Data Fiduciary must handle

  • ·Standalone notices and consent
  • ·Rule 6 security safeguards (encryption, access control, one-year log retention)
  • ·72-hour breach notification
  • ·Data-principal rights, retention and erasure
  • ·Children’s data and processor contracts

Significant Data Fiduciaries add

  • ·An India-resident Data Protection Officer
  • ·An annual DPIA (Data Protection Impact Assessment)
  • ·An annual independent data audit
  • ·Algorithmic due diligence
How we help

From scoping to Maintained

  • Scoping & SDF classification — are you in scope, and are you an SDF?
  • Gap assessment & remediation across all baseline and SDF obligations
  • DPO — India-resident coverage of the role
  • Independent Data Audit readiness (and audit delivery, where independence allows)
  • Maintained status so you stay audit-ready year-round
Certify it — don’t just comply with it

Regulations tell you what; ISO 27701 lets you prove it.

We build a certifiable Privacy Information Management System on top of your ISMS — the bridge between your security and privacy programs.

ISO/IEC 27701 (PIMS) — extends ISO 27001 into a certifiable privacy management system, mapped to GDPR and DPDP
ISO/IEC 27018 — protection of personal data where you process in the public cloud
ISO 31700 — Privacy by Design, built into products and processes
ISO/IEC 29100 — the privacy framework foundations underpinning it all

One management system, certifiable, satisfying GDPR, DPDP, and your customers’ due-diligence questionnaires at once.

FAQ

Frequently asked questions

What is the DPDP compliance deadline? +

Full compliance and penalties under India’s Digital Personal Data Protection Act land on 13 May 2027. Penalties reach up to ₹250 crore for security failures. The clock is already running.

Do I need a Data Protection Officer under DPDP? +

If you are a Significant Data Fiduciary, yes — you must appoint an India-resident DPO. Other Data Fiduciaries must still provide a contactable grievance channel. Our DPO-as-a-Service provides India-resident coverage of the role.

How do I know if I’m a Significant Data Fiduciary? +

The government designates SDFs based on the volume and sensitivity of personal data you process and other risk factors. Most large BFSI firms are likely to qualify. We establish your scope and SDF status as the first step of a privacy readiness review.

Does ISO 27701 cover both GDPR and DPDP? +

ISO 27701 is a certifiable privacy management system that extends your ISO 27001 ISMS and maps to both GDPR and DPDP. One management system can satisfy GDPR, DPDP, and customer due-diligence questionnaires at once.

Book a DPDP Readiness Review → CyberAI Leadership (DPO) →