The Digital Personal Data Protection Act (DPDPA), 2023 is India's comprehensive data protection law governing the collection, processing, and protection of digital personal data. The Act applies to organizations processing personal data within India and to entities outside India offering goods or services to individuals in India.
ManageEngine's Endpoint Central helps organizations operationalize DPDPA requirements through centralized endpoint security, encryption, access control, vulnerability management, device control, and compliance monitoring across Windows, macOS, Linux, and mobile devices.
Endpoint Central's Data Loss Prevention discovers and classifies personal data across endpoints, then enforces policies restricting transfers via email, cloud, clipboard, and peripheral devices. BitLocker for Windows, FileVault for macOS, and native MDM encryption for Android and iOS secure personal data at rest.

Enforce least-privilege access with endpoint privilege management, just-in-time elevation, and conditional access policies. Role-based access control and multi-factor authentication on the Endpoint Central console reduce the risk of internal exposure.

Continuous vulnerability assessment, automated patching, and an integrated next-generation antivirus engine reduce the likelihood of a personal data breach. If an incident occurs, endpoint quarantine, instant non-erasable backups, and remote wipe support timely containment, recovery, and breach notification.

We have mapped Endpoint Central capabilities to the security and data protection obligations introduced under the Digital Personal Data Protection Act (DPDPA), 2023. This mapping demonstrates how Endpoint Central helps organizations strengthen endpoint security, enforce access controls, manage vulnerabilities, and support secure handling of digital personal data.
| DPDPA Requirement | How Endpoint Central helps |
|---|---|
| Encryption of personal data (Rule 6(a)) | BitLocker management for Windows, FileVault for macOS, and native encryption profiles for Android and iOS via MDM. |
| Access controls on computer resources (Rule 6(b)) | Role-based access control, conditional access, application allow/blocklisting, and endpoint privilege management with just-in-time access. |
| Logging and detection of unauthorised access (Rule 6(c)) | User logon tracking, comprehensive audit reports, browser security insights, and SIEM integration with Log360, Splunk, and others. |
| Backups and continuity (Rule 6(d)) | Patented anti-ransomware engine that creates instant, non-erasable backups every three hours via Microsoft's Volume Shadow Copy Service, enabling one-click restoration of compromised files. |
| Equivalent safeguards on Data Processors (Rule 6(e)) | Granular permission management, terms of use enforcement, and policy inheritance for managed endpoints used by Data Processors operating on behalf of the Data Fiduciary. |
| Technical and organisational measures (Rule 6(f)) | Risk-based vulnerability management, automated patching for OS and 850+ third-party applications, security configuration management, and the Data Protection Officer Dashboard. |
| Accuracy of personal data (Sec. 8(3)) | Centralised inventory and asset management, and configuration enforcement help maintain consistent and reliable endpoint data feeding business decisions. |
| Breach detection & notification (Sec. 8(6)) | Real-time alerts on suspicious activity, next-gen antivirus behavioural detection, and endpoint quarantine support timely identification of breaches and intimation to the Data Protection Board. |
| Data erasure (Sec. 8(7)) | Remote wipe, selective wipe of corporate data on BYOD devices, and removal of containerised data upon consent withdrawal or fulfilment of purpose. |
| Consent and processor agreements (Sec. 8(2)) | Terms of use documents deployed to user devices capture acceptance prior to management, supporting verifiable user agreement for processing on managed endpoints. |
The Schedule to the DPDP Act sets the maximum financial penalty for each category of breach. Adjudication is handled by the Data Protection Board of India; appeals lie before the Telecom Disputes Settlement and Appellate Tribunal (TDSAT).

| Maximum penalty | Breach |
|---|---|
| ₹250 crore | Failure to take reasonable security safeguards under Section 8(5). |
| ₹200 crore | Failure to notify a personal data breach under Section 8(6). |
| ₹200 crore | Additional obligations relating to children under Section 9. |
| ₹150 crore | Additional obligations of a Significant Data Fiduciary under Section 10. |
| ₹50 crore | Breach of any other provision of the Act or Rules. |

"Endpoint Central has allowed us to move towards our goal of a centralized application to cover off IT support activities. The deployment was really simple with no real issues. We use it mainly for the integration with ServiceDesk Plus and the reports it provides for our ISO implementation."

Feel free to connect with our experts to address your specific queries and discover how Endpoint Central can assist you in meeting DPDPA requirements.