What is the deadline for DPDP Act enforcement in India?

Hard enforcement for the Digital Personal Data Protection (DPDP) Act begins on May 13, 2027. The transition window is currently active.

What are the penalties under the DPDP Act?

Penalties range from ₹50 Crores for general violations to ₹250 Crores for failure to take reasonable security safeguards.

How much does DPDP compliance cost?

Market rates for comprehensive DPDP compliance range from ₹3-7 Lakhs for SMEs to ₹15+ Lakhs for enterprises. This includes awareness training, data audit, DPA deep-dive sessions, consent manager setup, and ongoing DPO support.

Does DPDP apply to small businesses?

Yes. The DPDP Act makes no distinction based on turnover. Even if you have 100 customers, if you collect digital personal data, you are a Data Fiduciary and must comply.

What is included in a DPDP compliance workshop?

A DPDP readiness workshop typically includes: understanding the DPDP Act, mapping your tech stack, reviewing data processor agreements, checking consent flows, and creating a clear action plan.

Role Guide•3 min read

DPDP for Marketing Teams: Consent & Campaigns

Indian marketing teams need DPDP. Learn consent management, compliant campaigns, and how MBS's workshops provide a 90-day roadmap. Avoid penalties.

Sushant Pasumarty18 May 2026

DPDP for Marketing Teams: What You Need to Know

The Digital Personal Data Protection Act (DPDP Act) significantly impacts how marketing teams collect, use, and process personal data in India. Your team is responsible for obtaining valid consent, ensuring transparency, and managing data principal rights for every marketing initiative. Non-compliance can lead to substantial penalties and reputational damage.

Sushant Pasumarty, founder of Meridian Bridge Strategy (MBS), has observed that many marketing teams underestimate the operational changes required by the DPDP Act. A proactive approach is crucial for maintaining customer trust and avoiding regulatory scrutiny.

What Marketing Teams Own Under DPDP

Your marketing department is a primary data fiduciary, directly interacting with data principals. This means specific responsibilities fall squarely on your shoulders:

Consent Management: Obtaining explicit, informed, and withdrawable consent for every data processing activity, from email newsletters to personalized ad campaigns.
Data Principal Rights: Facilitating requests for access, correction, or erasure of personal data, and managing consent withdrawals promptly.
Data Minimisation: Ensuring only necessary personal data is collected for specific marketing purposes.
Data Breach Notification: Understanding the protocol for reporting data breaches that affect marketing databases.
Transparency Notices: Crafting clear and accessible privacy notices that inform data principals about data usage.

MBS’s DPDP Workshop specifically addresses these core responsibilities, providing actionable strategies for your team.

Top 5 DPDP Gaps for Marketing Teams

Based on engagements with various Indian businesses, Sushant Pasumarty identifies common compliance gaps within marketing operations:

Outdated Consent Mechanisms: Many platforms still rely on implied consent or pre-checked boxes, which are non-compliant with DPDP's explicit consent requirement.
Inadequate Consent Records: Lack of verifiable audit trails for when, how, and for what purpose consent was obtained and withdrawn.
Poor Data Inventory for Marketing: Marketers often don't have a clear, documented understanding of all personal data they collect and its specific processing purpose.
Ignoring Data Principal Requests: Slow or non-existent processes for handling opt-out requests, data access requests, or consent withdrawals.
Vendor Non-Compliance: Engaging third-party marketing agencies or ad-tech platforms without verifying their DPDP readiness, creating a significant liability.

MBS Tip: Integrate consent management directly into your CRM or marketing automation platforms to streamline compliance and record-keeping.

Cost to Fix DPDP Gaps: MBS Productized Services

Meridian Bridge Strategy offers structured services to help your marketing team and the wider organization achieve DPDP compliance. Here are the price ranges and durations for MBS's productized offerings:

Tier	Includes	Price	Duration
Data Mapping	Map every personal data flow	₹1.5L – ₹3L	1-2 weeks
DPDP Readiness Audit	Data Mapping + Gap Analysis	₹2L – ₹6L	2-4 weeks
DPDP Workshop	Audit + Recommendations + 90-day roadmap	₹5L – ₹10L	4-6 weeks
Full DPDP Consulting	Workshop + Implementation + DPO + Readiness Opinion	₹7L – ₹12L	3-6 months

Why the DPDP Workshop? This tier is ideal for marketing teams needing actionable strategies. It includes a tailored 90-day roadmap focusing on consent management, campaign compliance, and data principal rights.

Key Questions for Your Marketing Tech Vendors

Your marketing technology stack is critical for DPDP compliance. Before partnering or renewing, ask these direct questions:

How do you facilitate explicit, granular consent capture and management in compliance with DPDP?
What audit trails do you provide for consent records, including timestamps and terms accepted?
Can your platform handle data principal requests (access, correction, erasure, consent withdrawal) efficiently and automatically?
Where is the personal data stored and processed? Is it within India, and what security measures are in place?
Do you offer a Data Processing Addendum (DPA) that explicitly addresses DPDP requirements?

Next Steps for Marketing Leaders

Proactive engagement with DPDP is not just about avoiding penalties; it's about building trust with your customers. Start by understanding your current data flows and identifying immediate consent gaps. A structured approach, like the DPDP Workshop offered by MBS, can provide your marketing team with the knowledge and tools needed to drive compliant and effective campaigns.

Explore our resources for CXOs or learn about DPDP for HR Heads to understand company-wide implications.

Frequently Asked Questions

What is the biggest DPDP challenge for marketing teams?

The biggest challenge is moving from implied or generic consent to explicit, informed, and granular consent for every marketing activity involving personal data. This requires significant changes to data collection forms and record-keeping.

Will DPDP impact my current ad campaigns?

Yes. If your ad campaigns rely on collecting personal data without explicit consent or use data for purposes not disclosed, they will likely need to be revised. This includes retargeting, personalized ads, and lookalike audiences if the underlying data wasn't collected compliantly.

How can MBS help our marketing team with DPDP?

MBS, led by Sushant Pasumarty, offers a DPDP Workshop specifically tailored for teams. This includes an audit of marketing data flows, recommendations for compliant consent mechanisms, and a 90-day roadmap to implement necessary changes and train your team.

Talk to Sushant About Your DPDP Needs

Book a 30-minute call to discuss your compliance requirements and get a clear next step.

Book a Call with Sushant →

Or estimate your cost first →