DPDPA-ready: what India's new data law means for SMEs
India's Digital Personal Data Protection Act of 2023 (DPDPA) is now in force. If your business holds customer or employee personal data — and yours does — here's what you need to know.
What is DPDPA?
The DPDPA is India's first comprehensive personal data law. It applies to anyone (called a Data Fiduciary in the law) who processes personal data of Indian individuals (Data Principals). Even small businesses qualify — anyone collecting names, phone numbers, emails, GSTINs, or PANs.
What rights do your customers have?
Under DPDPA, individuals can request:
- Access — they can ask what data you hold
- Correction — fix errors in their data
- Erasure — delete data when no longer needed
- Portability — get a machine-readable copy
- Withdraw consent — stop you from using their data
What does this mean for your accounting software?
Your accounting software stores a lot of personal data — customer names, phone numbers, GSTINs, employee details, even bank account info. Your software needs to support, at minimum:
- Encryption at rest and in transit
- Audit logs of every state change
- Self-service data export
- Self-service deletion requests
- Breach notification within 72 hours
- Data localization (in India)
How AskBooks already complies
We built DPDPA into AskBooks from day one. Every tenant gets:
- AES-256-GCM encryption at rest with envelope encryption
- TLS 1.3 in transit
- Hash-chained audit log (tamper-evident)
- One-click data export from /settings/privacy
- Self-service erasure requests
- Data hosted in AWS Mumbai (ap-south-1)
- Sub-processor list disclosed in our DPA
What if you're using Tally or a desktop tool?
Most desktop accounting tools don't have any of this. You'd need to manually log every change, manually export data on request, and the data sits unencrypted on someone's laptop. We strongly recommend moving to a cloud-native, audit-ready solution.
Penalties for non-compliance
The DPDPA can impose penalties of up to ₹250 crore for serious violations. Even small businesses can be fined ₹50 lakh for repeated minor violations. The cost of non-compliance is far higher than the cost of using a compliant tool.
Action items for SMEs
- Audit what personal data you hold and where
- Pick a DPDPA-ready accounting tool (we'd love it to be us)
- Update your privacy policy with rights and grievance officer details
- Train staff on data subject requests
- Run a tabletop breach response exercise
If you're an existing AskBooks customer, you're already compliant. If not, get started today — DPDPA compliance is just one of many reasons to switch.