What is the deadline for DPDP Act enforcement in India?

Hard enforcement for the Digital Personal Data Protection (DPDP) Act begins on May 13, 2027. The transition window is currently active.

What are the penalties under the DPDP Act?

Penalties range from ₹50 Crores for general violations to ₹250 Crores for failure to take reasonable security safeguards.

How much does DPDP compliance cost?

Market rates for comprehensive DPDP compliance range from ₹3-7 Lakhs for SMEs to ₹15+ Lakhs for enterprises. This includes awareness training, data audit, DPA deep-dive sessions, consent manager setup, and ongoing DPO support.

Does DPDP apply to small businesses?

Yes. The DPDP Act makes no distinction based on turnover. Even if you have 100 customers, if you collect digital personal data, you are a Data Fiduciary and must comply.

What is included in a DPDP compliance workshop?

A DPDP readiness workshop typically includes: understanding the DPDP Act, mapping your tech stack, reviewing data processor agreements, checking consent flows, and creating a clear action plan.

Role Guide•3 min read

DPDP Workshop for Sales Teams: Lead Data Compliance

Master DPDP for sales teams. Learn lead data compliance, prevent penalties, and build trust. Expert guidance from Sushant Pasumarty, founder of MBS.

Sushant Pasumarty18 May 2026

DPDP for Sales Teams: What You Need to Know

The Digital Personal Data Protection Act, 2023 (DPDP Act), directly impacts how your sales team acquires, processes, and stores lead data. Non-compliance carries significant penalties. Understanding your obligations ensures trust with potential customers and protects your business from fines up to ₹250 crore.

Sushant Pasumarty, founder of Meridian Bridge Strategy, emphasizes that proactive compliance builds a stronger sales pipeline by establishing your brand as trustworthy. It's not just about avoiding fines; it's about competitive advantage.

What Sales Teams Own Under DPDP

Your sales team acts as a crucial touchpoint for personal data. Their responsibilities include:

Lawful Basis & Consent: Ensuring every lead's personal data is collected with a clear, specific, and unambiguous consent, or another lawful basis. This includes understanding the purpose limitation for data use.
Notice Requirements: Providing a clear, understandable notice to data principals (leads) about what data is collected, why it's collected, and how it will be used.
Data Accuracy & Minimisation: Collecting only necessary data for the stated purpose and maintaining its accuracy. Outdated or irrelevant lead data should be periodically reviewed.
Data Principal Rights: Understanding and facilitating requests from data principals, such as the right to access, correct, or erase their personal data.
Data Security: Adhering to organizational security policies to protect lead data from breaches, unauthorized access, or misuse.

DPDP Tip for Sales: Implement clear consent collection processes at every lead generation touchpoint – website forms, cold outreach, event registrations. Documenting consent is critical.

Top 5 DPDP Gaps for Sales Teams

Based on our work with Indian businesses, here are common areas where sales teams often fall short on DPDP compliance:

Ambiguous Consent Language: Generic checkboxes like “I agree to terms” are insufficient. Consent must be for specific purposes.
Lack of Notice for Acquired Leads: For leads obtained through third-party lists or partnerships, a clear notice about data processing is often missing.
Indefinite Data Retention: Storing lead data indefinitely without a defined retention policy and automated deletion schedule.
Inconsistent Opt-out Processes: Difficulty for data principals to easily withdraw consent or opt-out from communications.
Insufficient Training: Sales personnel not fully aware of their DPDP obligations, leading to unintentional violations in data handling or communication.

Cost to Fix: MBS DPDP Services

Meridian Bridge Strategy offers structured services to help your sales team and broader organization achieve DPDP compliance. Pricing depends on your organization's complexity and data volume.

Tier	Includes	Price	Duration
Data Mapping	Map every personal data flow	₹1.5L – ₹3L	1-2 weeks
DPDP Readiness Audit	Data Mapping + Gap Analysis	₹2L – ₹6L	2-4 weeks
DPDP Workshop	Audit + Recommendations + 90-day roadmap	₹5L – ₹10L	4-6 weeks
Full DPDP Consulting	Workshop + Implementation + DPO + Readiness Opinion	₹7L – ₹12L	3-6 months

A DPDP Workshop, starting at ₹5L, provides your sales leadership with a clear roadmap, specific recommendations, and a 90-day action plan to close critical compliance gaps.

Questions to Ask Your Sales Technology Vendors

Your CRM, marketing automation, and lead generation tools are central to sales operations. Ensure they support DPDP compliance by asking:

How do you facilitate clear consent collection and management?
Can we easily track and record consent withdrawal?
What data retention and deletion features do you offer?
How do you support data principal rights requests (e.g., access, rectification)?
What security measures are in place to protect our lead data?
Do you have data processing agreements (DPAs) or similar contracts that align with DPDP principles?

Next Steps: Empower Your Sales Team with DPDP Knowledge

Achieving DPDP compliance for your sales team is an ongoing process. Start by understanding your current data flows and identifying potential risks. Sushant Pasumarty and the MBS team can guide you through this process efficiently.

Actionable Step: Consider a DPDP Workshop to specifically address sales-related data compliance challenges. This will provide your team with the knowledge and tools to operate confidently and compliantly.

Frequently Asked Questions

Does DPDP apply to cold outreach and lead generation?

Yes, DPDP applies to all collection and processing of personal data, including data acquired through cold outreach, lead generation forms, and third-party lists. You must have a lawful basis (e.g., consent) and provide notice to the data principal.

What is 'consent' under DPDP for sales teams?

Consent under DPDP must be free, specific, informed, unambiguous, and signified by an affirmative action. For sales, this means clear opt-ins for specific types of communication and data use, not pre-ticked boxes or implied consent.

Can we still buy lead lists under DPDP?

Buying lead lists is permissible, but the responsibility for DPDP compliance lies with your organization as the Data Fiduciary. You must ensure the data was collected lawfully by the vendor and provide a notice to the data principals upon first contact, informing them of the processing.

What are the penalties for DPDP non-compliance related to sales data?

Non-compliance with DPDP can result in significant financial penalties. For example, failure to fulfill the obligation to protect personal data can lead to a penalty of up to ₹250 crore per instance.

Talk to Sushant About Your DPDP Needs

Book a 30-minute call to discuss your compliance requirements and get a clear next step.

Book a Call with Sushant →

Or estimate your cost first →