DPDP Gap Analysis Report: What to Expect & Costs
Understand the DPDP Gap Analysis Report from MBS: what it includes, deliverables, and costs (₹2L–₹6L). Expert insights from Sushant Pasamarty.
DPDP Gap Analysis Report: What To Expect
A DPDP Gap Analysis Report provides a clear picture of where your Indian business stands against the requirements of the Digital Personal Data Protection Act (DPDP Act). Sushant Pasamarty, founder of Meridian Bridge Strategy (MBS), designed this report to highlight discrepancies between your current data protection practices and mandatory DPDP obligations.
This deliverable is a core component of MBS's DPDP Readiness Audit service, which typically ranges from ₹2L – ₹6L and takes 2-4 weeks. It follows an initial data mapping exercise, identifying specific areas needing attention before full compliance.
What the DPDP Gap Analysis Report Covers
The report doesn't just list issues; it categorizes them and provides context. Sushant and his team focus on critical areas defined by the DPDP Act.
- Consent Management Gaps: Identifies where your current consent mechanisms fall short of DPDP's requirements for explicit, informed, and easily withdrawable consent. This includes assessing consent notices, user interfaces, and consent records.
- Data Principal Rights Deficiencies: Reviews processes for handling data principal requests regarding access, correction, erasure, and grievance redressal. The report flags missing procedures or inadequate response times.
- Data Protection Agreements (DPAs) Review: Examines existing contracts with third-party vendors and data processors. It highlights where DPAs need to be updated or created to reflect DPDP obligations, especially concerning data processing instructions and liability.
- Data Breach Notification Procedures: Assesses your current incident response plan against DPDP's 72-hour notification requirement to the Data Protection Board of India and affected data principals. It points out missing steps or unclear responsibilities.
- Purpose Limitation & Data Minimisation: Evaluates whether personal data collection aligns strictly with stated purposes and if excessive data is being processed. Gaps here indicate over-collection or unclear data retention policies.
- Grievance Redressal Mechanisms: Checks the adequacy of your designated Data Protection Officer (DPO) or Grievance Officer, their contact information, and the process for data principals to lodge complaints.
- Retention and Deletion Policies: Reviews current data retention schedules to ensure they align with the DPDP principle of retaining data only for the necessary purpose. It identifies gaps in secure deletion protocols.
What You Walk Away With
Upon completion, you receive a comprehensive report designed for action, authored by Sushant Pasamarty.
- Detailed Gap Analysis Report: A structured document outlining specific areas of non-compliance, citing relevant DPDP Act sections.
- Severity Assessment: Each identified gap is categorized by its potential risk and impact on your business's DPDP compliance posture.
- Executive Summary: A high-level overview for founders and CXOs, summarizing key findings and critical risks without deep technical jargon.
- Recommendations for Remediation (High-Level): While detailed roadmaps come with the DPDP Workshop, the Gap Analysis Report provides initial, high-level suggestions for addressing each identified gap.
Who This Is For
The DPDP Gap Analysis Report is ideal for Indian founders, CXOs, CTOs, HR heads, and compliance officers who have conducted some initial data mapping or have a general understanding of their data flows but need an expert evaluation against DPDP requirements. It's for businesses serious about understanding their compliance posture before investing in full-scale implementation.
What the DPDP Gap Analysis Report Costs (MBS Tier Mapping)
The DPDP Gap Analysis Report is a key deliverable within the DPDP Readiness Audit service offered by Meridian Bridge Strategy.
| MBS Service Tier | What it includes (relevance to Gap Analysis) | Price Range | Duration |
|---|---|---|---|
| Data Mapping | *Foundation for Gap Analysis; not included in this report specifically* | ₹1.5L – ₹3L | 1-2 weeks |
| DPDP Readiness Audit | Data Mapping + Gap Analysis (consent, DPAs, grievance, breach, deletion) | ₹2L – ₹6L | 2-4 weeks |
| DPDP Workshop | Data Mapping + Gap Analysis + Prioritized Recommendations with a 90-day roadmap | ₹5L – ₹10L | 4-6 weeks |
| Full DPDP Consulting | Workshop + Implementation Support + DPO Training + Final Readiness Opinion | ₹7L – ₹12L | 3-6 months |
The cost variation within the ₹2L – ₹6L range for the DPDP Readiness Audit (which includes the Gap Analysis Report) depends on factors like the volume and complexity of your personal data processing, the number of systems involved, and the maturity of your existing data protection practices.
What the DPDP Gap Analysis Report Does NOT Include
To set clear expectations, it's important to understand what the Gap Analysis Report, as part of the DPDP Readiness Audit, does not provide:
- Detailed Remediation Roadmaps: While high-level suggestions are provided, a granular, prioritized 90-day implementation roadmap is part of the DPDP Workshop service.
- Implementation Support: This service is purely diagnostic. MBS does not update your systems, re-draft policies, or implement technical controls at this stage. That falls under Full DPDP Consulting.
- Legal Advice or Opinions: The report provides a compliance assessment based on Sushant Pasamarty's expertise in DPDP implementation, but it is not a substitute for legal counsel.
- DPO Training: Specialized training for your Data Protection Officer is offered as part of the Full DPDP Consulting package.
Next Step: Understand Your DPDP Gaps
If you need a precise understanding of your DPDP compliance gaps and the specific areas requiring attention, the DPDP Readiness Audit with its comprehensive Gap Analysis Report is your starting point. Use our free online calculator to estimate your costs, then connect with Sushant Pasamarty to discuss your specific needs.
Frequently Asked Questions
How does the DPDP Gap Analysis Report differ from Data Mapping?
Data Mapping (₹1.5L – ₹3L) identifies and documents all personal data flows within your organization. The DPDP Gap Analysis Report takes this mapped data and compares your existing practices against the specific requirements of the DPDP Act, highlighting areas of non-compliance. Data Mapping is a prerequisite for a meaningful Gap Analysis.
Can I get just the DPDP Gap Analysis Report without the full Readiness Audit?
The DPDP Gap Analysis Report is an integral deliverable of MBS's DPDP Readiness Audit (₹2L – ₹6L). For the report to be accurate and actionable, it requires the foundational work of Data Mapping, which is included in the Readiness Audit service. Therefore, it is not offered as a standalone service.
What level of detail do the 'high-level recommendations' in the report provide?
The high-level recommendations identify *what* needs to be addressed for each gap (e.g., 'Update consent mechanisms for marketing data'). They do not provide *how* to implement these changes, such as specific technical steps, policy drafts, or a phased implementation plan. Detailed 'how-to' roadmaps are delivered with the <a href='/learn/dpdp-workshop-full-deliverables-cost-mbs-guide'>DPDP Workshop</a>.
Related Guides
DPDP Readiness Workshop: Find and Fix Gaps
Run a DPDP readiness workshop with MBS. Find data gaps, prioritise fixes, and turn the audit into a 90-day compliance roadmap.
DPDP Data Mapping Service: What It Includes & Costs (MBS)
Understand what DPDP Data Mapping includes, specific deliverables, and costs (₹1.5L – ₹3L) from Meridian Bridge Strategy.
DPDP Readiness Audit: What You Get & Costs (MBS)
Understand what MBS's DPDP Readiness Audit includes, what you get, who it's for, and costs from ₹2L–₹6L. Expert insights from Sushant Pasamarty.
Talk to Sushant About Your DPDP Needs
Book a 30-minute call to discuss your compliance requirements and get a clear next step.
Book a Call with Sushant →