Expert consulting in privacy compliance and regulations including DPDPA, GDPR, CPRA and beyond — tailored for companies scaling data and AI together.
DPDPA 2023 becomes enforceable on 13 May 2027
Is your organisation DPDPA ready? · Let's talk →
Navigate GDPR, DPDPA, and evolving data protection frameworks with clarity and confidence.
Privacy by design, data mapping, current state assessment and more...
Structured approach to securing personal data across data landscape.
Independent privacy audits, topical advisory engagements, privacy breach response planning.
India's privacy regulation Digital Personal Data Protection Act (DPDPA) 2023 will be enforceable in May 2027. For businesses and corporates, managing personal data in order to preserve and nurture the customer trust is no more an option. Their reputation as well as financial risk in the form of share price impact, as seen from global examples in recent years, is at stake.
Privacy experts across the globe estimate that it takes on average 6 months for a company to become fully privacy compliant. For larger companies, the timeline can exceed 12 months, given their expansive personal data footprint, among other technical and operational challenges. They must get into action now to set up and run DPDPA privacy compliance as a program and company-wide initiative.
Shreyas Consulting is happy to help! Shreyas Consulting is a strategic privacy advisory that works with DPOs and privacy heads entrusted with operationalizing DPDPA compliance in their organizations, helping them with compliance strategy and blueprinting so that they get their organisation compliant faster, avoiding compliance gaps and can confidently manage their stakeholders.
Shreyas is a Data Privacy advisor with international experience. He advises clients on the issues of data privacy, data protection, compliance and cybersecurity. He has hands-on experience with global privacy regulations including India DPDPA, GDPR (EU), CPRA (US) and Middle Eastern laws.
Earlier, through his 25 years of award-winning corporate career, he worked across multiple industries such as Banking, financial services, telecoms, healthcare, manufacturing as well as digital media firms, in client-facing roles.
A Fellow of Information Privacy (FIP) awarded by IAPP, USA, as well as CIPP/E, CIPT, DCPLA certified professional, he has been a speaker and panelist at reputed Indian and International Forums including IAPP, ISACA, FDPPI and NASSCOM.
He gained valuable privacy, data protection and cybersecurity technology and tools experience working with acclaimed corporations such as IBM, JPMorgan and Tech Mahindra.
Data Privacy advisor with 25+ years of corporate experience across Banking, FinTech, Telecoms, Healthcare, and Digital Media. Expert in DPDPA, GDPR, CPRA and Middle Eastern privacy laws.
Each engagement is scoped to your specific situation — no one-size-fits-all packages.
A focused 4-to-5-week consulting engagement that helps a newly appointed Indian DPO get a clear, board-ready view of DPDPA exposure, priorities, and next steps. The outcome is not just advice; it is a practical roadmap the DPO can immediately take to leadership and start executing.
FAQs Are Not Available At This Moment
Please check back soon. In the meantime, feel free to contact us with your questions.
Blogs Will be Uploaded Shortly
Practical analysis of regulatory developments, breach case studies, and cybersecurity strategy — coming soon.
All case studies are fully anonymised to protect client confidentiality — a standard we hold ourselves to as firmly as we advise others.
A software development, testing and processing company operating as a Data Processor under EU GDPR, with clients in the US, Europe and India.
The company specialised in custom development for mobile & desktop games, Artificial Intelligence, and Image Analytics.
The organisation had low maturity on process & governance and needed to understand its GDPR obligations and become compliant.
A premier Global Financial Institution (GFI) had built an entire stack of data privacy and security automation tools, but its business needs had evolved significantly.
The GFI had also undertaken a cloud-based transformation to support changing business demands and economics.
The client wanted to re-assess its privacy use cases and ensure existing tools aligned with future demand — evaluating the current tool stack against operational challenges and defining success metrics.
A roadmap to implement tool stack changes and a recommended target technology architecture were also required.
An Indian BPO service provider catering to US and EU markets, with offices in 3 Indian cities, operating as a Data Processor under GDPR.
The company wanted to become GDPR compliant and demonstrate its compliance to clients. The executive team lacked awareness of GDPR regulatory requirements and its applicability.
The client sought an assurance letter from an external global firm confirming it satisfied all GDPR regulatory requirements.
A leading UK-based global bank with vast operations, a heavy legacy of processes and systems, and an ongoing digital transformation programme.
Qualifying as a Data Controller under GDPR with a layered 3-lines-of-defence risk model, the bank's GDPR implementation spanned over a dozen work streams.
A new Target Operating Model (TOM) was required to address the post-GDPR reality and align all work streams. The bank was also undertaking Privacy by Design for the first time, amid a level of regulatory ambiguity inherent to GDPR as a new regulation.
In addition, the bank needed to formulate a DPIA framework to address high-risk scenarios — including biometric data and large-volume personal data processing.
Additional case studies available on request. All client details are kept strictly confidential.
Fill in the form and I'll get back to you within one business day. All enquiries are treated with strict confidentiality.
Information submitted here is used solely to respond to your enquiry. It is never sold, shared with third parties, or used for unsolicited marketing.
Fields marked * are required. Your data stays private.
By submitting this form you agree to being contacted regarding your enquiry. No spam, ever.
Thank you for reaching out. I'll be in touch within one business day.
| # | Component | Details |
|---|---|---|
| 1. DPO Playbook | ||
| 1.1 | DPDPA Requirement Applicability | Assessment of which DPDPA obligations apply to your organisation based on the nature and scale of personal data processing. |
| 1.2 | Compliance Gap Assessment | Structured review of current practices against DPDPA requirements to identify gaps and areas of non-compliance. |
| 1.3 | Manual Data Inventory | Guided mapping of personal data flows, processing activities, and data assets across the organisation. |
| 1.4 | Policy Checklist | Review and checklist of required privacy policies, notices, and internal documentation under DPDPA. |
| 1.5 | Target Operating Model | Recommended governance structure, roles, and processes to sustain ongoing DPDPA compliance. |
| 2. Action Plan | ||
| 2.1 | 30-60-90 Day Action Plan & Recommendations | A phased, prioritised roadmap with clear deliverables and milestones for the first 90 days of your compliance journey — immediately actionable by the DPO. |
| 3. Board / Senior Leadership Readout | ||
| 3.1 | DPDPA Masterclass with Top Leaders & Key Team Members | An executive-level session to build DPDPA awareness among leadership and key stakeholders, covering obligations, risk landscape, and business implications. |
| 3.2 | Discussion on Risk Exposure, Business Priorities & Required Decisions | Facilitated discussion with the board and senior leadership on risk exposure levels, strategic priorities, and decisions required to progress compliance. |
| 4. Advisory Support Window | ||
| 4.1 | 30-Day Follow-Up Advisory Window | Post-engagement support with 2 fortnightly sessions to help the DPO discuss show-stoppers, review key decisions, and refine plans with expert guidance. |
You're about to switch to the light theme. The site will switch themes across all pages. Would you like to continue?