DPDP enforcement deadline: May 2027Rules notified Nov 2025Penalty exposure up to ₹250 Cr
Free ToolsTemplatesServicesWorkshopsBook Consultation

Quick Answer

What is a DPDP Consent Audit? A DPDP Consent Audit evaluates whether an organisation's consent collection, management, and withdrawal mechanisms meet the requirements of the Digital Personal Data Protection Act 2023. It assesses consent notices for clarity and specificity, consent records for completeness, the ease and accessibility of withdrawal mechanisms, and whether consent is being used as the correct legal basis for each processing activity. Organisations that use consent as their primary legal basis should conduct consent audits before the DPDP enforcement deadline.

FREE CONSENT AUDIT

DPDP Consent Audit — Validate Your Consent Mechanisms Are Compliant

8 questions. Instant score. Find out if your consent practices meet the Digital Personal Data Protection Act 2023 — before enforcement begins.

✓ 8 Questions ✓ Instant Score & Grade ✓ Top 2 Gaps Identified ✓ No sign-up required
0 of 8 answered

i About Your Organisation

Used to personalise your audit report
QUESTION 1 OF 8 12.5 pts
Do you obtain explicit consent from users before collecting their personal data?
DPDP Act — Section 6(1): Consent must be free, specific, informed, unconditional and unambiguous.
QUESTION 2 OF 8 12.5 pts
Is your consent request separate from your Terms & Conditions (not bundled)?
DPDP Act — Section 6(2): Consent notices must be standalone; bundled T&C consent is void.
QUESTION 3 OF 8 12.5 pts
Can users withdraw consent as easily as they gave it?
DPDP Act — Section 6(4): Withdrawal of consent must be as easy as giving it; effect is prospective.
QUESTION 4 OF 8 12.5 pts
Do you obtain separate consent for each data processing purpose?
DPDP Act — Section 6(1): Consent must be specific to each purpose; blanket/omnibus consent is non-compliant.
QUESTION 5 OF 8 12.5 pts
Do you maintain records of when and how consent was obtained?
DPDP Act — Section 6(6): Data Fiduciaries must be able to demonstrate valid consent was obtained.
QUESTION 6 OF 8 12.5 pts
Do you obtain fresh consent when your processing purposes change?
DPDP Act — Section 6(3): Any change in processing purpose requires new consent from the Data Principal.
QUESTION 7 OF 8 12.5 pts
Are your consent notices in plain, clear language (not only legalese)?
DPDP Act — Section 5 & 6(1): Consent notices must be clear, plain and easily understandable.
QUESTION 8 OF 8 12.5 pts
Do you have a separate consent process for children's data (under 18)?
DPDP Act — Section 9: Processing children's data requires verifiable parental consent; no behavioural tracking of minors.
Free • Instant • No email required
YOUR CONSENT COMPLIANCE SCORE
--
/100
--
Non-compliant consent: up to ₹200 crore under DPDP Act S.33(3)

Section 33(3) of the Digital Personal Data Protection Act 2023 imposes a penalty of up to ₹200 crore for each instance of non-compliant data collection or processing. With enforcement beginning 13 May 2027, closing consent gaps now is business-critical.

⚠ Your Top 2 Consent Gaps

Full Audit Summary

#AreaYour AnswerScore

Unlock Your Full Consent Audit Report

Get a lawyer-reviewed, board-ready PDF with everything you need to fix consent compliance before May 2027 enforcement.

₹2,999 ₹799 + GST
🔒 Secured by Razorpay  |  Instant delivery  |  100% refund if not received

Report on its Way!

Your Consent Audit Report has been sent. You'll receive it within 2 minutes.