What is the deadline for DPDP Act enforcement in India?

Hard enforcement for the Digital Personal Data Protection (DPDP) Act begins on May 13, 2027. The transition window is currently active.

What are the penalties under the DPDP Act?

Penalties range from ₹50 Crores for general violations to ₹250 Crores for failure to take reasonable security safeguards.

How much does DPDP compliance cost?

Market rates for comprehensive DPDP compliance range from ₹3-7 Lakhs for SMEs to ₹15+ Lakhs for enterprises. This includes awareness training, data audit, DPA deep-dive sessions, consent manager setup, and ongoing DPO support.

Does DPDP apply to small businesses?

Yes. The DPDP Act makes no distinction based on turnover. Even if you have 100 customers, if you collect digital personal data, you are a Data Fiduciary and must comply.

What is included in a DPDP compliance workshop?

A DPDP readiness workshop typically includes: understanding the DPDP Act, mapping your tech stack, reviewing data processor agreements, checking consent flows, and creating a clear action plan.

City + Industry Guide•4 min read

DPDP Workshop Cost for InsurTech in Mumbai: MBS Guide

Estimate DPDP compliance workshop costs for Mumbai InsurTechs. Sushant Pasamarty of MBS details Data Mapping, Audit, Workshop, & Full Consulting tiers.

Sushant Pasumarty25 May 2026

DPDP Compliance Workshop Cost for InsurTech in Mumbai

InsurTech companies in Mumbai face unique DPDP compliance challenges due to the volume and sensitivity of personal financial and health data they process. Determining the exact cost for a DPDP workshop depends on your company's size, complexity of data flows, and existing privacy infrastructure.

For a typical InsurTech in Mumbai, a DPDP Workshop engagement from Meridian Bridge Strategy (MBS) is often the most suitable starting point, costing between ₹5 Lakhs and ₹10 Lakhs. This tier provides a detailed understanding of your gaps and a clear roadmap for implementation.

Why InsurTech in Mumbai Faces Specific DPDP Challenges

Mumbai's InsurTech sector handles a high volume of Personally Identifiable Information (PII) including health records, financial transactions, claims data, and KYC information. The digital-first nature of these businesses means extensive data collection and sharing with multiple third-party service providers, from underwriting algorithms to claims processors and re-insurers.

Sensitive Data Volume: InsurTechs routinely process health and financial data, classified as sensitive personal data under DPDP, requiring stricter consent and security protocols.
Complex Data Ecosystems: Integrations with legacy insurance systems, health networks, payment gateways, and analytics platforms create intricate data flows difficult to map.
Third-Party Vendor Risk: Reliance on numerous vendors for analytics, cloud storage, and claims processing means managing DPAs and ensuring vendor compliance is critical.
Consent Management: Obtaining and managing granular, verifiable consent for various data uses, especially across different insurance products, is complex.

MBS DPDP Service Tiers: Costs for Mumbai InsurTechs

Meridian Bridge Strategy (MBS), led by Sushant Pasamarty, offers productized DPDP services to help Mumbai InsurTechs achieve compliance. Each tier builds on the previous one, offering increasing levels of support and depth.

Tier	What it includes for InsurTechs	Price Range	Duration
Data Mapping	Identify all personal data collected (applicants, policyholders, claimants), where it's stored, and which vendors (e.g., aggregators, hospitals, payment processors) touch it. Focus on policy application, claims, and underwriting data flows.	₹1.5L – ₹3L	1-2 weeks
DPDP Readiness Audit	Data Mapping + Gap Analysis specific to InsurTech operations (e.g., consent mechanisms for health data, DPAs with broker networks, grievance redressal for policyholders, breach notification protocols for financial fraud, data deletion for lapsed policies).	₹2L – ₹6L	2-4 weeks
DPDP Workshop	Data Mapping + Gap Analysis + Prioritized Recommendations tailored for InsurTechs, including a 90-day roadmap for consent updates, DPA revisions, internal process changes for data principal rights, and specific security recommendations.	₹5L – ₹10L	4-6 weeks
Full DPDP Consulting	Workshop + Implementation Support + DPO Training (e.g., for an in-house compliance lead) + Final Readiness Opinion. Ongoing support for vendor compliance, incident response plan development, and policy updates.	₹7L – ₹12L	3-6 months

💡 Key Insight: The sensitive nature of health and financial data in InsurTech means that even smaller firms often require a comprehensive DPDP Readiness Audit or a DPDP Workshop to properly identify and mitigate risks beyond just mapping data.

Common DPDP Mistakes InsurTechs Make

Generic Consent: Using broad consent forms that don't differentiate between data uses for policy underwriting, claims processing, and marketing. DPDP requires specific, informed consent.
Ignoring Third-Party Risk: Assuming vendors are compliant without conducting due diligence or updating Data Processing Agreements (DPAs) to reflect DPDP requirements.
Data Retention Oversights: Retaining policyholder or applicant data beyond legal or business necessity, increasing exposure to breach risks and deletion requests.
Lack of Data Principal Rights Mechanisms: Not having clear, accessible processes for policyholders to exercise their right to access, correct, or erase their data.
Inadequate Breach Response: Not having a tested plan for responding to data breaches, especially with the 72-hour notification timeline for the Data Protection Board of India (DPBI).

✅ Pro Tip: For InsurTechs specifically, review your data retention policies against IRDAI guidelines and DPDP requirements. Over-retention is a common and costly compliance risk.

What the DPDP Workshop Delivers for Your Mumbai InsurTech

The MBS DPDP Workshop, led by Sushant Pasamarty, founder of Meridian Bridge Strategy, is designed to give Mumbai InsurTechs a practical path to compliance. It moves beyond identifying gaps to providing actionable solutions.

Comprehensive Data Mapping: A clear inventory of all personal data, its lifecycle from collection (e.g., application forms, claims) to deletion, and every system and third-party involved.
Tailored Gap Analysis: Identification of specific areas where your current practices for consent, data security, data principal rights, and vendor management fall short of DPDP.
Prioritized Recommendations: A list of concrete steps to achieve compliance, ranked by impact and urgency, focusing on high-risk areas like sensitive data handling and third-party data sharing.
90-Day Implementation Roadmap: A practical plan outlining tasks, timelines, and responsibilities to guide your internal team in implementing the recommendations.

Sushant brings experience building products in identity verification and cybersecurity at IDfy and CyberArk, directly relevant to the data security and identity challenges in InsurTech. His Master's from IE Business School and CS from BITS Pilani provide a strong foundation for understanding both the strategic and technical aspects of data privacy.

Your Next Step: Understand Your Specific DPDP Cost

Every InsurTech's data landscape is unique. To get a more precise estimate for your Mumbai-based InsurTech, use our free online DPDP cost calculator. This tool helps you assess which MBS service tier, from Data Mapping to Full DPDP Consulting, best fits your current needs and complexity.

After using the calculator, consider booking a direct consultation with Sushant Pasamarty to discuss your specific challenges and how Meridian Bridge Strategy can support your DPDP journey.

For a deeper dive into specific compliance aspects, explore our resources on DPDP Vendor Risk Assessment or DPDP Data Breach Response.

Frequently Asked Questions

Why is DPDP compliance more complex for InsurTechs compared to other industries?

InsurTechs deal with a high volume of sensitive personal data, including health and financial information. This requires stricter consent management, more robust security measures, and careful handling of data shared with a complex network of third-party service providers, making compliance intricate.

Does a 'DPDP Workshop' from MBS include updating my privacy policy?

While the DPDP Workshop identifies gaps in your current privacy policy and provides recommendations, direct policy drafting or legal review is typically part of the 'Full DPDP Consulting' tier or can be scoped as an additional service. The Workshop provides the foundation for policy updates.

How does DPDP affect InsurTechs using AI/ML for underwriting or claims processing?

DPDP mandates transparency and accountability for automated decision-making. InsurTechs using AI/ML must ensure data principals are aware of how their data is used in these systems, have clear consent mechanisms, and provide avenues for grievances, aligning with the 'right to correction and erasure' and other data principal rights.

Check Your DPDP Cost for InsurTech

Use the free calculator to estimate your compliance cost. Then book a call with Sushant to scope the right engagement for your Mumbai InsurTech.

Estimate My DPDP Cost →

Or book a call with Sushant →