Rule 7

Data Breach Notification

Rule 7 of DPDP Rules 2025 mandates timely notification of personal data breaches to the Data Protection Board and affected Data Principals.

Breach Response Process

Step 1

Detect & Assess

Identify the breach and assess its scope, impact, and the personal data affected

Step 2

Contain & Mitigate

Take immediate steps to contain the breach and prevent further unauthorized access

Step 3

Notify the Board

Intimate the Data Protection Board about the breach in the prescribed form and manner

Step 4

Notify Data Principals

Inform affected Data Principals about the breach and remedial actions

Notification Timeline

To Data Protection Board

Notify without unreasonable delay, and in any case within 72 hours of becoming aware of the breach.

To Affected Data Principals

Notify as directed by the Board, typically without undue delay after Board notification.

What to Include in Notifications

Board Notification

Description of the personal data breach
Categories and approximate number of Data Principals affected
Categories and approximate number of personal data records affected
Likely consequences of the breach
Measures taken or proposed to address the breach
Contact details of the Data Protection Officer or designated contact
Measures taken to mitigate possible adverse effects

Data Principal Notification

Nature of the personal data breach
Possible consequences of the breach
Measures taken to address the breach
Measures the Data Principal can take to protect themselves
Contact details for further information
