We analyze one top Indian company's privacy policy every day against the DPDP Act 2023. See where they stand — and where you might be at risk.
ixigo is ahead of the curve by explicitly referencing the DPDP Act, but still relies on a 'take it or leave it' consent model. While they acknowledge your rights, the lack of specific deletion timelines and granular consent options remains a regulatory hurdle.
HealthifyMe relies on a 'bundled' consent model that likely fails the DPDP Act's strict requirement for specific and unconditional permission. While they prioritize security for sensitive health data, their broad data-sharing clauses and lack of a dedicated Indian grievance path create major legal risks.
HCL Technologies has proactively aligned its privacy framework with the Digital Personal Data Protection Act 2023. Unlike many Indian peers, HCL explicitly incorporates newer DPDP-specific rights, such as the Right to Nominate. While the policy is technically robust, improvements are needed in providing multi-lingual notices and clearly defining the external regulatory escalation path to the Data Protection Board.
DPDP compliance isn't one-size-fits-all. We specialize in sector-specific data regulations.
Guides, comparisons, and city-specific compliance consulting — everything you need to navigate the DPDP Act.
Get a clear, jargon-free assessment of your compliance obligations. No "fear-mongering", just prudent business risk management.