Section 29: Breach Reporting Obligation
Chapter: Penalties and Remedies
Maximum Penalty: Up to ₹200 Crore
Overview
Must report breaches to Board and individuals within 72 hours. This section falls under the "Penalties and Remedies" chapter of the Digital Personal Data Protection Act 2023, which was enacted to establish a comprehensive framework for data protection in India.
Key Points of Section 29
- Data Fiduciaries must report personal data breaches to the Board and affected individuals within 72 hours
- Report must include nature of breach, data affected, and remedial measures taken
- Failure to report can result in penalties up to ₹200 Crore
Who This Applies To
All Data Fiduciaries experiencing personal data breaches
Compliance Action Steps
- Build automated breach detection and alerting systems
- Create breach notification templates for Board and individuals
- Conduct breach response drills quarterly
- Maintain breach register with timeline documentation
How Complynz Helps
Complynz automates compliance with Section 29 through AI-powered assessments, policy templates, and continuous monitoring. Our platform maps each DPDP provision to actionable controls so your team can achieve and maintain compliance efficiently.
Take Free DPDP Assessment | DPDP Compliance Checklist | View Pricing