Notice to Data Principals
Description
Data fiduciary must provide notice in clear and plain language at or before processing.
⚠️ Risk Impact
Notice that's incomplete or buried in legalese fails DPDP. Notice must include purposes, contact, withdrawal mechanism, grievance procedure.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as high-severity findings with remediation guidance.
🔧 Remediation
Layered notice (short + detailed). Hindi + English minimum (other Indian languages where applicable). Surfaced at collection point.
💀 Real-World Attack Scenario
A SaaS company's Indian privacy notice was English-only + buried in T&Cs. DPDP audit: notice violation; ₹40 crore penalty + ordered translation + UX revision.
💰 Cost of Non-Compliance
Notice violations: ₹50-₹250 crore.
📋 Audit Questions
- 1.Notice in Hindi + English?
- 2.Surfaced at collection point?
- 3.Plain-language assessment?
⚡ Common Pitfalls
- ⛔English-only for global services
- ⛔Notice buried in T&Cs
- ⛔Legal jargon overrides 'plain language'
📈 Business Value
Clear notice is foundational to DPDP compliance.
⏱️ Effort Estimate
Per-product review + translation
EchelonGraph tracks PII collection points + flags notice gaps
🔗 Cross-Framework References
Automate DPDP Act DPDP-2 compliance
EchelonGraph continuously monitors this control across all your cloud accounts.
Start Free →