Section 33: Penalties

Chapter: Penalties and Remedies

Maximum Penalty: Up to ₹250 Crore

Overview

Up to ₹250 Crore for security failures, ₹200 Crore for breach notification failures. This section falls under the "Penalties and Remedies" chapter of the Digital Personal Data Protection Act 2023, which was enacted to establish a comprehensive framework for data protection in India.

Key Points of Section 33

• Penalties up to ₹250 Crore for failure to implement security safeguards
• Up to ₹200 Crore for breach notification failures
• Up to ₹150 Crore for obligations relating to children's data

Who This Applies To

All Data Fiduciaries — penalties are proportionate to breach severity and organizational size

Compliance Action Steps

1. Conduct penalty risk assessment across all DPDP obligations
2. Implement priority compliance for highest-penalty provisions
3. Maintain comprehensive compliance evidence for defense
4. Budget for potential penalties in risk planning

How Complynz Helps

Complynz automates compliance with Section 33 through AI-powered assessments, policy templates, and continuous monitoring. Our platform maps each DPDP provision to actionable controls so your team can achieve and maintain compliance efficiently.

Take Free DPDP Assessment | DPDP Compliance Checklist | View Pricing

Back to Complete DPDP Guide