🇮🇳 DPDP Act | DPDP-5 | Rule: DPDP-005 | Severity: medium

Data Retention Limitation

Description

Personal data must not be retained beyond the purpose for which it was collected or beyond the contractual period, and it must be deleted when consent is withdrawn.

⚠️ Risk Impact

Over-retention amplifies the impact of a breach (every year of retained data is exposed, not just the current one) and creates DPDP liability.

🔍 How EchelonGraph Detects This

DPDP-005: Automated scanner rule

EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as medium-severity findings with remediation guidance.

🔧 Remediation

Document a retention period for each data category. Enforce it with automated deletion via storage lifecycle rules. Use cryptographic erasure (destroying the key under which the data is encrypted, so the remaining ciphertext is unrecoverable) where direct deletion is impractical.
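An added example (not EchelonGraph's code) of the remediation above: a per-category retention schedule, a status check for each record, and a lifecycle pass that enforces expiry and consent withdrawal by cryptographic erasure rather than a soft-delete flag. The schedule, the records, the key store and the "current" date are all constructed for the example.

```python
from datetime import date, timedelta

# Constructed retention schedule (days per data category). The values are
# assumptions for the example; in practice they come from the documented policy.
RETENTION_DAYS = {"payment": 365, "marketing": 180}
TODAY = date(2024, 6, 1)  # constructed "current" date for the example

def sample_records():
    """Constructed sample rows; each is encrypted under its own per-record key."""
    return [
        {"id": "r1", "category": "payment", "collected_at": date(2024, 1, 10),
         "consent_withdrawn": False, "key_id": "k1"},
        {"id": "r2", "category": "payment", "collected_at": date(2018, 6, 1),
         "consent_withdrawn": False, "key_id": "k2"},
        {"id": "r3", "category": "marketing", "collected_at": date(2024, 3, 1),
         "consent_withdrawn": True, "key_id": "k3"},
    ]

def sample_key_store():
    """Constructed key store mapping key_id to placeholder key bytes."""
    return {"k1": b"key-1", "k2": b"key-2", "k3": b"key-3"}

def retention_status(record, key_store, today):
    """Classify one record: 'erased' (key destroyed, ciphertext unrecoverable),
    'consent_withdrawn', 'expired' (past the category's period) or 'retain'."""
    if record["key_id"] not in key_store:
        return "erased"
    if record["consent_withdrawn"]:
        return "consent_withdrawn"
    max_age = timedelta(days=RETENTION_DAYS[record["category"]])
    if today - record["collected_at"] > max_age:
        return "expired"
    return "retain"

def crypto_erase(records, key_store, today):
    """Lifecycle pass: destroy the key of every record that must not be kept.
    Deleting the key is the purge; a soft-delete flag would leave it recoverable."""
    erased = []
    for rec in records:
        if retention_status(rec, key_store, today) in ("expired", "consent_withdrawn"):
            del key_store[rec["key_id"]]
            erased.append(rec["key_id"])
    return erased
```

Running the pass on the sample data erases the 2018 payment record and the record whose consent was withdrawn, and a second status check reports both as unrecoverable while the in-period record is retained.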

💀 Real-World Attack Scenario

A retailer retained customer payment data for 8 years 'in case of dispute'. A breach exposed the full 8 years of records. DPDP enforcement: an over-retention violation and a ₹85 crore penalty.

💰 Cost of Non-Compliance

Retention violations: ₹50-₹100 crore.

📋 Audit Questions

  1. Are retention periods documented for each data category?
  2. Is deletion automated once a period expires or consent is withdrawn?
  3. Is cryptographic erasure used where direct deletion is impractical?

⚡ Common Pitfalls

  • Retaining data 'just to be safe', with no documented purpose or period
  • Soft delete (a deleted flag) without an actual purge of the data

📈 Business Value

Minimized retention reduces breach scope + regulatory exposure.

⏱️ Effort Estimate

Manual: retention policy + lifecycle rules

With EchelonGraph: EchelonGraph monitors retention compliance

🔗 Cross-Framework References

GDPR Art. 17 (right to erasure)

Automate DPDP Act DPDP-5 compliance

EchelonGraph continuously monitors this control across all your cloud accounts.
