Dpdp Compliance Assessment
by @krishnakumarmahadevan-cmd
Assess compliance with India's Digital Personal Data Protection (DPDP) Act 2023 across 7 domains with 41 controls. Use when evaluating DPDP readiness, Indian...
clawhub install dpdp-compliance-assessment📖 About This Skill
name: dpdp-compliance-assessment description: Assess compliance with India's Digital Personal Data Protection (DPDP) Act 2023 across 7 domains with 41 controls. Use when evaluating DPDP readiness, Indian data privacy compliance, data principal rights, consent management under DPDP, or privacy maturity assessment for organizations operating in India. version: 1.0.0 homepage: https://portal.toolweb.in metadata: openclaw: emoji: "🇮🇳" requires: env: - TOOLWEB_API_KEY bins: - curl primaryEnv: TOOLWEB_API_KEY os: - linux - darwin - win32 category: security
DPDP Compliance Assessment 🇮🇳🔏
Assess your organization's compliance with India's Digital Personal Data Protection (DPDP) Act 2023. Evaluates 41 controls across 7 privacy domains and returns an overall maturity score, domain-level analysis, compliance checklist, remediation roadmap, and executive summary.
Built by a CISSP/CISM certified security professional at ToolWeb.in
When to Use
Prerequisites
TOOLWEB_API_KEY — Get your API key from portal.toolweb.incurl must be available on the systemCRITICAL: Always Call the API
API Endpoint
POST https://portal.toolweb.in/apis/compliance/dpdp-compliance
7 Assessment Domains (41 Controls)
| Domain | Name | Weight | Controls | |--------|------|--------|----------| | data_governance | Data Governance & Inventory | 15% | 6 | | consent_management | Consent & Preference Management | 20% | 7 | | data_subject_rights | Data Principal Rights Management | 18% | 6 | | third_party_management | Vendor & Third-Party Risk Management | 12% | 5 | | data_security | Data Protection & Security Measures | 15% | 6 | | breach_management | Incident & Breach Response | — | 5 | | privacy_governance | Privacy Governance | — | 6 |
Maturity Levels
| Level | Score | Description | |-------|-------|-------------| | Initial | 0-25% | Ad-hoc and reactive. Significant gaps. | | Developing | 26-50% | Basic controls, not consistently applied. | | Defined | 51-75% | Documented and consistently implemented. | | Managed | 76-90% | Measured and controlled. Strong compliance. | | Optimized | 91-100% | Embedded in culture. Continuous improvement. |
Workflow
1. Gather inputs from the user:
Organization info:
- organization_name — Organization name
- industry_sector — Industry (e.g., "Technology", "Banking & Finance", "Healthcare", "E-commerce", "Telecom", "Education")
- organization_size — Size (e.g., "Startup", "Small", "Medium", "Large", "Enterprise")
- data_volume — Volume of personal data (e.g., "Low (<10K records)", "Medium (10K-1M)", "High (1M-10M)", "Very High (>10M)")
- geographic_scope — Operations scope (e.g., "India only", "India + International", "Global with India operations")
Assessment responses — For each of the 41 questions, gather the user's answer. Responses are mapped as question ID to answer string in the responses dictionary.
Key questions by domain:
Data Governance (dg_01 to dg_06): - Comprehensive personal data inventory? - Automated data discovery and classification tools? - Defined data classification scheme? - Records of processing activities (RoPA)? - Data retention schedules defined and enforced? - Regular review process for data inventories?
Consent Management (cm_01 to cm_07): - Explicit informed consent before collecting data? - Granular consent options for different purposes? - Easy consent withdrawal mechanism? - Consent records maintained with timestamps? - Re-consent process when purposes change? - Age verification for children's data? - Consent dashboard for data principals?
Data Principal Rights (dsr_01 to dsr_06): - Process for handling access requests? - Correction and erasure request handling? - Data portability capability? - Response within prescribed timelines? - Identity verification for requests? - Grievance redressal mechanism?
Third-Party Management (tp_01 to tp_05): - Data processing agreements with vendors? - Vendor privacy risk assessments? - Ongoing vendor monitoring? - Data sharing limitations enforced? - Cross-border transfer safeguards?
Data Security (ds_01 to ds_06): - Encryption for personal data? - Access controls and authentication? - Security monitoring and logging? - Regular security assessments? - Data anonymization/pseudonymization? - Secure data disposal procedures?
Breach Management (bm_01 to bm_05): - Breach detection capabilities? - Incident response plan for data breaches? - Notification process to Data Protection Board? - Notification process to affected data principals? - Post-incident review and improvement?
Privacy Governance (pg_01 to pg_06): - Designated Data Protection Officer/privacy lead? - Privacy impact assessments conducted? - Privacy training for employees? - Privacy policies published and accessible? - Regular compliance audits? - Privacy-by-design in new projects?
For each question, accept answers like: "Yes, fully implemented", "Partial", "In progress", "No", "Not applicable", or descriptive text.
2. Call the API:
curl -s -X POST "https://portal.toolweb.in/apis/compliance/dpdp-compliance" \
-H "Content-Type: application/json" \
-H "X-API-Key: $TOOLWEB_API_KEY" \
-d '{
"organization_name": "",
"industry_sector": "",
"organization_size": "",
"data_volume": "",
"geographic_scope": "",
"responses": {
"dg_01": "",
"dg_02": "",
...
"pg_06": ""
},
"include_roadmap": true
}'
3. Parse the response. The API returns:
- overall_score — Compliance score (0-100)
- maturity_level — Maturity level (Initial/Developing/Defined/Managed/Optimized)
- report_html — Full assessment report
- checklist_html — Compliance checklist
- roadmap_html — Remediation roadmap
- executive_summary_html — Board-level summary
4. Present results with domain scores and priority actions.
Output Format
🇮🇳 DPDP Compliance Assessment
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━Organization: [name]
Industry: [sector]
Data Volume: [volume]
📊 Overall Score: [XX]% — [maturity_level]
📋 Domain Scores:
📁 Data Governance: [X]%
✋ Consent Management: [X]%
👤 Data Principal Rights: [X]%
🤝 Vendor Management: [X]%
🔒 Data Security: [X]%
🚨 Breach Management: [X]%
📜 Privacy Governance: [X]%
🚨 Critical Gaps:
[List highest-priority non-compliant areas]
📋 Remediation Roadmap:
[Phase-wise actions from the roadmap]
📎 Full report powered by ToolWeb.in
Error Handling
TOOLWEB_API_KEY is not set: Tell the user to get an API key from https://portal.toolweb.inExample Interaction
User: "Check if our fintech company is compliant with India's DPDP Act"
Agent flow: 1. Ask: "I'll assess your DPDP compliance across 7 domains. Let's start: - What's your organization size and how much personal data do you process? - Do you have a data inventory and consent management system? - Can you handle data principal access and erasure requests?" 2. User responds with details for each domain 3. Map responses to question IDs and call API 4. Present overall score, maturity level, domain breakdown, and roadmap
Pricing
About
Created by ToolWeb.in — a security-focused MicroSaaS platform with 200+ security APIs, built by a CISSP & CISM certified professional. Trusted by security teams in USA, UK, and Europe and we have platforms for "Pay-per-run", "API Gateway", "MCP Server", "OpenClaw", "RapidAPI" for execution and YouTube channel for demos.
Related Skills
Tips
⚡ When to Use
⚙️ Configuration
TOOLWEB_API_KEY — Get your API key from portal.toolweb.incurl must be available on the system