🇮🇳 DPDP Act DPDP-17 | Rule: DPDP-017 | Severity: high

Easy Consent Withdrawal

Description

Withdrawal of consent must be as easy as giving it.

⚠️ Risk Impact

Withdrawal friction (multi-step processes, confirmation emails, support ticket requirements) fails the DPDP requirement.

🔍 How EchelonGraph Detects This

DPDP-017: Automated scanner rule

EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as high-severity findings with remediation guidance.

🔧 Remediation

One-click withdrawal. Real-time enforcement. Cross-channel suppression.

💀 Real-World Attack Scenario

A retailer required users to email support to withdraw consent (compared to one-click acceptance). DPDP enforcement: ₹35 crore + ordered UX revision.

💰 Cost of Non-Compliance

Consent-withdrawal violations: ₹10-₹50 crore.

📋 Audit Questions

  • 1. One-click withdrawal?
  • 2. Real-time enforcement?
  • 3. Cross-channel suppression?

⚡ Common Pitfalls

  • Withdrawal friction by design
  • Channel-specific suppression

📈 Business Value

Compliant withdrawal supports DPB defensibility + customer trust.

⏱️ Effort Estimate

  • Manual: UX revision
  • With EchelonGraph: EchelonGraph integrates with consent platforms

🔗 Cross-Framework References

GDPR-Art7
