DPDP Breach Notification: 72 Hours to DPBI (+ 6h CERT-In)
Under India's DPDP framework, notify the Data Protection Board (DPBI) within 72 hours of becoming aware of a personal data breach, and notify affected data principals. Separately, CERT-In Directions may require cyber incident reporting within 6 hours.
Maintain templates and a runbook before an incident. Complynz generates DPBI Rule 7 notifications and stakeholder communications from one breach form.
Related
- 72-hour breach guide
- DPDP FAQ: 72 hours
- Breach templates
- DPDP consulting services
- DPDP consulting
- DPDP Guide
DPDP consulting services | Talk to a DPDP consultant
DPDP implementation support
- Gap assessment & remediation roadmap (INR 49,999+)
- Breach runbook & DPBI templates
- SDF / DPO / DPIA programs