India, 22 June 2026:- With enforcement of the Digital Personal Data Protection Act expected by May 2027, a Bengaluru-based startup is helping businesses move from awareness to actual compliance, quietly, and faster than they expected.
When the Indian government passed the Digital Personal Data Protection Act in August 2023, it set in motion one of the most consequential shifts in how businesses in the country handle customer information. The rules are clear: organisations that collect, store, or process personal data must obtain explicit consent, appoint Data Fiduciaries, and be prepared to demonstrate compliance on demand. Penalties for violations can reach ₹250 crore per instance.
With enforcement expected to begin by May 2027, the clock is running. Yet across industries, from D2C brands and fintech platforms to enterprise SaaS companies and healthcare providers, most organisations have done little more than acknowledge the law exists. A combination of regulatory uncertainty, a shortage of qualified DPDP counsel, and the sheer complexity of auditing data flows across modern digital infrastructure has left businesses in a prolonged holding pattern.
The traditional approach to compliance, engaging a law firm, conducting a manual audit, and generating a static report, is both expensive and slow. For a mid-sized business with dozens of third-party integrations and multiple data collection touchpoints, a thorough manual audit can take months and cost several lakhs, with no guarantee the findings remain accurate as the business evolves. For smaller companies, the process is simply out of reach.
ComplyDP, a Bengaluru-based compliance technology company, was built to address exactly this gap. Founded by Sanket Sharma, a former Supreme Court of India advocate with a background in privacy law, and Vipul Abhishek, an AI and machine learning engineer, the platform automates the end-to-end DPDP compliance process, from initial audit to ongoing monitoring.
The platform scans a company’s digital properties, maps personal data flows, identifies compliance gaps against DPDP requirements, and generates a structured action plan, in a fraction of the time a manual engagement would take. It also handles cookie consent management, privacy notice generation, and Data Principal rights workflows, which are among the most operationally complex requirements under the Act.
The company is backed by NVIDIA Inception, Google Cloud for Startups, T-Hub, and the Department of Science and Technology, a combination that reflects both the technical depth of the platform and its potential at scale. ComplyDP is currently working with businesses across the D2C, BFSI, and enterprise technology sectors, with several larger organisations in active evaluation.
“Having argued data privacy matters at the Supreme Court, I have seen firsthand how organisations underestimate regulatory risk until it becomes a crisis,” said Sanket Sharma, Co-Founder and CEO of ComplyDP. “The DPDP Act is India’s GDPR moment. The difference is that businesses here have a narrower window to act, and far less institutional infrastructure to help them do it. We built ComplyDP to close that gap.”
The urgency is compounded by the fact that DPDP compliance is not a one-time exercise. As businesses add new products, enter new markets, or integrate new vendors, their data landscape changes, and so does their compliance posture. Static audits go stale quickly. What the market increasingly needs is continuous compliance monitoring, not periodic snapshots.
For businesses looking to understand where they currently stand, ComplyDP offers a free DPDP compliance report that maps existing gaps against the Act’s requirements. The scan covers website data practices, cookie usage, and consent flows, and generates a structured output that can be shared with legal or compliance teams. It is available at complydp.com/report.
With enforcement timelines tightening and regulatory clarity improving, the question for most businesses is no longer whether to comply, but how quickly they can get there.
About ComplyDP
ComplyDP (Nihonium Labs Private Limited) is an AI-native DPDP compliance platform for Indian businesses. The platform automates compliance audits, consent management, cookie scanning, and data mapping, helping organisations meet their obligations under India’s Digital Personal Data Protection Act 2023. ComplyDP is backed by NVIDIA Inception, Google Cloud for Startups, T-Hub, and the Department of Science and Technology. For more information, visit complydp.com.
