🇮🇳 DPDP Act | DPDP-15 | Rule: DPDP-015 | Severity: medium

Employee Data Lawful Use

Description

Employee personal data may be processed only for legitimate employment purposes.

⚠️ Risk Impact

HR-data processing without explicit purpose limitation is DPDP-actionable.

🔍 How EchelonGraph Detects This

DPDP-015: Automated scanner rule

EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as medium-severity findings with remediation guidance.

🔧 Remediation

Document HR data processing purposes. Restrict access by need-to-know. Apply retention limits.

💀 Real-World Attack Scenario

A company processed employee performance data for 'analytics' purposes (not employment-required). DPDP enforcement: ₹25 crore + ordered cessation.

💰 Cost of Non-Compliance

HR-data violations: ₹10-₹50 crore.

📋 Audit Questions

  1. Are the purposes for HR-data processing documented?
  2. Is access to HR data restricted on a need-to-know basis?
  3. Are retention limits defined and applied to HR data?

⚡ Common Pitfalls

  • HR data over-collected
  • Analytics use without explicit purpose

📈 Business Value

Compliant HR-data handling reduces internal regulatory risk.

⏱️ Effort Estimate

Manual: HR data audit

With EchelonGraph: EchelonGraph integrates with HRIS for purpose tracking

🔗 Cross-Framework References

GDPR-Art6

Automate DPDP Act DPDP-15 compliance

EchelonGraph continuously monitors this control across all your cloud accounts.
