What is the deadline for DPDP Act enforcement in India?

Hard enforcement for the Digital Personal Data Protection (DPDP) Act begins on May 13, 2027. The transition window is currently active.

What are the penalties under the DPDP Act?

Penalties range from ₹50 Crores for general violations to ₹250 Crores for failure to take reasonable security safeguards.

How much does DPDP compliance cost?

Market rates for comprehensive DPDP compliance range from ₹3-7 Lakhs for SMEs to ₹15+ Lakhs for enterprises. This includes awareness training, data audit, DPA deep-dive sessions, consent manager setup, and ongoing DPO support.

Does DPDP apply to small businesses?

Yes. The DPDP Act makes no distinction based on turnover. Even if you have 100 customers, if you collect digital personal data, you are a Data Fiduciary and must comply.

What is included in a DPDP compliance workshop?

A DPDP readiness workshop typically includes: understanding the DPDP Act, mapping your tech stack, reviewing data processor agreements, checking consent flows, and creating a clear action plan.

Quick Answer•4 min read

DPDP Compliance for Amazon/Flipkart Sellers: Cost & Steps

Indian Amazon/Flipkart sellers need DPDP compliance. Learn exact steps, what it costs, and how to get ready for the Digital Personal Data Protection Act.

Sushant Pasumarty2 June 2026

DPDP Compliance for Amazon/Flipkart Sellers: Quick Answer

Yes, if you collect or process personal data of Indian consumers, the Digital Personal Data Protection Act (DPDP) applies to you, regardless of whether you sell on Amazon, Flipkart, or your own D2C website. This includes customer names, addresses, phone numbers, and payment details.

As an Amazon or Flipkart seller, you act as a Data Fiduciary for the data you directly collect or access (e.g., shipping addresses for self-fulfilled orders, customer service interactions). The platform itself is also a Data Fiduciary, but your direct obligations remain.

What DPDP Means for E-commerce Sellers Right Now

While the exact enforcement date for DPDP is still being finalized, businesses are expected to prepare proactively. Non-compliance can lead to penalties up to ₹250 crores. Even before fines, customers may start demanding their data rights, and platforms might impose their own compliance requirements.

Sushant Pasamarty, founder of Meridian Bridge Strategy, emphasizes that a 'wait and watch' approach is risky. “E-commerce sellers, especially those with significant transaction volumes, should map their data flows now. Proactive compliance builds trust and avoids future disruptions,” says Sushant.

What E-commerce Sellers Actually Need to Do for DPDP

Your compliance journey as an Amazon/Flipkart seller involves several key steps:

Identify Data Flows: Pinpoint all personal data you collect, receive from platforms, or process (e.g., customer names, addresses, order history, contact numbers). Understand who has access to this data internally and externally.
Review Consent Mechanisms: Ensure you have clear, specific, and revocable consent for every purpose for which you process personal data. This includes marketing communications, order updates, and customer support.
Vendor Due Diligence: Evaluate your third-party vendors (e.g., shipping partners, payment gateways, marketing tools) to ensure they are also DPDP-compliant. Implement Data Processing Agreements (DPAs) where necessary.
Establish Grievance Redressal: Designate a contact person or mechanism for data principals (customers) to exercise their rights (e.g., access, correction, deletion).
Data Security & Breach Protocol: Implement robust security measures to protect personal data from breaches. Have a clear plan for notifying the Data Protection Board of India and affected data principals in case of a breach.

💡 Key Insight: Even if Amazon/Flipkart handle much of the underlying infrastructure, your direct interactions with customers and any data you download or export makes you accountable.

What DPDP Compliance Costs for Amazon/Flipkart Sellers

The cost of DPDP compliance for an Amazon/Flipkart seller varies based on your operational complexity, data volume, and current readiness. Meridian Bridge Strategy offers structured services to meet these needs, building from foundational mapping to full implementation support.

Tier	What it includes	Price range	Duration
Data Mapping	Map every personal data flow: who collects it, where it goes, which vendors touch it	₹1.5L – ₹3L	1-2 weeks
DPDP Readiness Audit	Data Mapping + Gap Analysis (consent, DPAs, grievance, breach, deletion)	₹2L – ₹6L	2-4 weeks
DPDP Workshop	Data Mapping + Gap Analysis + Prioritized Recommendations with a 90-day roadmap	₹5L – ₹10L	4-6 weeks
Full DPDP Consulting	Workshop + Implementation Support + DPO Training + Final Readiness Opinion	₹7L – ₹12L	3-6 months

For most Amazon/Flipkart sellers, starting with a Data Mapping or DPDP Readiness Audit is a practical first step. If your operations involve extensive data processing, international transfers, or a large customer base, a DPDP Workshop or Full DPDP Consulting might be more appropriate.

✅ Pro Tip: Your specific costs will depend on factors like your monthly order volume, number of employees handling customer data, and how many third-party tools (CRMs, marketing automation) you use.

When to Start Your DPDP Compliance Journey

The time to start is now. Waiting for the final rules to be notified could leave your business exposed to significant risks and a rushed, expensive compliance process. Proactive engagement allows for a more thoughtful and cost-effective approach.

Sushant Pasamarty, with his background in e-commerce and identity verification, advises: “The Digital Personal Data Protection Act requires a fundamental shift in how businesses handle customer data. E-commerce sellers need to act decisively to integrate these principles into their operations.”

Next Step: Understand Your Specific DPDP Obligations

To get a clearer picture of your specific DPDP compliance costs and requirements, use the free calculator on dpdpworkshop.com. This tool helps you assess your current state and determine which MBS service tier is the best fit for your Amazon/Flipkart selling business.

Frequently Asked Questions

Am I a Data Fiduciary or Data Processor as an Amazon/Flipkart seller?

As an Amazon/Flipkart seller, you primarily act as a Data Fiduciary for the personal data you directly collect or process (e.g., shipping details for self-fulfilled orders, customer communication). The platform itself is also a Data Fiduciary. You may act as a Data Processor for certain specific tasks if you process data on behalf of another Data Fiduciary under a contract.

Does DPDP apply if I only sell within India and don't export data?

Yes, DPDP applies to businesses processing personal data within India. The Act's focus is on the data of Indian residents, regardless of whether that data is exported or not.

Will Amazon or Flipkart provide DPDP compliance support for sellers?

While platforms like Amazon and Flipkart will manage their own DPDP compliance and may provide some general guidelines, they are unlikely to manage your specific compliance obligations related to how *your business* handles customer data, especially for data you independently collect or process. You are ultimately responsible for your own compliance.

Check Your DPDP Cost

Use the free calculator to estimate your compliance cost. Then book a call with Sushant to scope the right engagement.

Estimate My DPDP Cost →

Or book a call with Sushant →