🇮🇳 DPDP Act DPDP-3 · Rule: DPDP-003 · Severity: high

Consent Management

Description

Consent must be free, specific, informed, unconditional, unambiguous, and revocable.

⚠️ Risk Impact

DPDP consent standards are stricter than older regimes. Pre-checked boxes, bundled consent, or consent buried in T&Cs all fail.

🔍 How EchelonGraph Detects This

DPDP-003: Automated scanner rule

EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as high-severity findings with remediation guidance.

🔧 Remediation

Collect granular consent, with a separate choice for each purpose. Keep consent records (timestamp, scope, mechanism). Make withdrawal easy. Support Indian languages.

💀 Real-World Attack Scenario

An app required bundled consent for marketing, analytics, and sharing. A DPDP audit resulted in a ₹65 crore penalty and an order to unbundle the consent.

💰 Cost of Non-Compliance

Consent violations: ₹50-₹250 crore.

📋 Audit Questions

  1. Granular consent per purpose?
  2. Withdrawal mechanism?
  3. Records retention?

⚡ Common Pitfalls

  • Pre-checked boxes (explicitly prohibited)
  • Bundled consent
  • Withdrawal harder than acceptance

📈 Business Value

Compliant consent UX + customer trust.

⏱️ Effort Estimate

Manual: UX redesign + records system

With EchelonGraph: EchelonGraph integrates with consent management platforms

🔗 Cross-Framework References

GDPR-Art7
