DPDP Rules 2025 compliance deadline is approaching. Is your visual data ready?
Check NowHow every rule maps to Veritas architecture. Built for Indian insurance from day one — not adapted, not patched.
| DPDP Rule | Requirement | How Veritas Satisfies It |
|---|---|---|
| Rule 3 | Clear consent notice before data collection | SDK consent screen shown before every capture. Itemised list of data collected (GPS, timestamp, device ID, motion). Plain language. |
| Rule 6(1)(a) | Encryption of personal data | AES-256 at rest, TLS 1.3 in transit. Hardware-bound private key never exported. |
| Rule 6(1)(b) | Access controls on computer resources | Role-based dashboard access. API key scoping. No adjuster can access another adjuster's captures. |
| Rule 6(1)(c) | Logs and monitoring for unauthorised access | Full audit log per capture. Every API call logged with timestamp, IP, and user. |
| Rule 6(1)(d) | Data backups for continued processing | Mumbai-region redundant storage. 99.9% uptime SLA on Enterprise. |
| Rule 6(1)(e) | Retain logs for minimum 1 year | Logs retained 1 year minimum. Configurable up to 7 years on Enterprise. |
| Rule 6(1)(f) | Contract must require security safeguards | Standard DPA included with all paid plans. |
| Rule 7 | Breach notification within 72 hours | Dashboard breach detection. Export-ready incident report for DPB notification. |
| Rule 13 | Data Principal rights (access + erasure) | Claimant erasure request API. Dashboard export for access requests. |
| Rule 14 | Data must not leave India | 100% Mumbai-only processing. Zero CDN edge in foreign jurisdiction. No sub-processor outside India. |
Under the DPDP Rules 2025, Veritas acts as a Data Processor processing personal data strictly on the instructions of your organisation (the Data Fiduciary). We determine nothing about the purpose of processing — you do. This means your DPDP obligations are reduced when using Veritas versus building an in-house solution, where your team would assume full Fiduciary liability.
Read Rule 6(1)(f) — Processor Contract Requirements →Insurance companies face dual compliance: DPDP Rules 2025 AND IRDAI data governance requirements. Veritas satisfies both. IRDAI mandates claims photo documentation. DPDP mandates that documentation be lawfully collected with consent, securely stored in India, and deletable on request. Veritas does all three.
IRDAI Data Guidelines →Enterprise clients receive a custom DPA reviewed by our legal counsel. Contact support.veritas@gmail.com
The Data Protection Board is operational as of November 2025. They have inquiry powers and can impose penalties immediately. The 2027 deadline is for full compliance — enforcement can begin now.