Does the DPDP Act 2023 apply to small businesses in India?

Yes. The Digital Personal Data Protection Act 2023 and DPDP Rules 2025 apply to any business that collects digital personal data — regardless of company size. A 20-person business is as exposed as a 2,000-person company. If you have a contact form, employee records, customer database, or CCTV system, you are a Data Fiduciary under the Act.

What is the penalty for non-compliance with the DPDP Act?

The DPDP Act 2023 specifies penalties up to ₹250 crore for a personal data breach. Failure to implement adequate security safeguards can attract penalties up to ₹200 crore. There is no minimum company size threshold — any Data Fiduciary can be penalised.

Are the consulting fees fixed or variable?

All Alchemy Mantra™ engagements are fixed-price. Anchor prices are published on the website, with bands based on company size and scope. The exact price is confirmed on a free 30-minute discovery call before any commitment is made. There are no hourly surprises.

Does Nitin Sarawahi work with businesses outside Hyderabad?

Yes. All engagements are delivered remotely and serve businesses across India. For IT Process Audits, one on-site visit to your location is included in the standard pricing. Alchemy Mantra™ has clients across Hyderabad, Mumbai, Bengaluru, Delhi, Pune, and other cities.

🇮🇳 For businesses where the MD still owns IT decisions

Your Business Deserves
Enterprise-Grade
IT & Compliance

Q: What does a DPDP Readiness Assessment include?

A DPDP Readiness Assessment includes a full data inventory and flow mapping, gap analysis against the DPDP Act and Rules 2025, risk classification by severity, a prioritised remediation roadmap, 3 policy templates (Privacy Notice, Consent Record, Data Breach Notification), and a 60-minute findings presentation with your leadership team. Delivered in 5–7 business days starting from ₹40,000.

Q: What is a Fractional IT Head and does my business need one?

A Fractional IT Head provides CTO-level IT leadership on a part-time basis — typically around 9 hours per month. You get vendor governance, IT roadmap planning, security oversight, and board-level IT reporting without the cost of a full-time hire (which can run ₹25–50 lakh per year). It is ideal for growing businesses where the MD or business owner is still making all IT decisions.

IT Process Audits, DPDP Act compliance, and fractional IT leadership — delivered by a former Microsoft veteran with 21 years of operational experience. Fixed prices. No surprises.

📅 Book Free Strategy Call WhatsApp Us

21 Years IT Experience

13 Years at Microsoft

From ₹40,000

Common problems we fix

⚠️

DPDP Act non-compliance Rules notified Nov 2025 — penalties up to ₹250 Cr for data breaches

Urgent Risk

🔓

No IT roadmap or vendor governance Tools accumulated reactively, vendor contracts never reviewed, no one owning IT decisions

Security Gap

💸

Wasted IT spend Duplicate tools, unused licences, no vendor governance

Cost Leak

👤

No senior IT leadership CTO-level thinking at a lean budget — fractional engagement

Skill Gap

21+

Years IT Operations Experience

Years at Microsoft

₹0

Surprise charges — ever

30min

Free discovery call. No pitch.

The Challenge

Most businesses are exposed — and
most don't know it yet

📋

The DPDP Act 2023 is now enforceable

DPDP Rules 2025 were notified in November 2025. Any business collecting digital personal data — customer names, phones, emails, employee records — is a Data Fiduciary. There's no size threshold. A 20-person company is as exposed as a 2,000-person one.

🏗️

IT was never properly set up — it just grew

Most growing organisations never had a senior IT person in the room. Tools were added reactively, security basics were skipped, and vendors were never governed. The result is a fragile, expensive, and risky infrastructure.

💼

You can't afford a full-time CTO — but you need one

Senior IT leadership costs ₹25–50L/year in-house. Most growing businesses either go without, or rely on a junior IT person making enterprise-level decisions they're not equipped to make.

The Alchemy Mantra™ Approach

We bring Microsoft-grade operational rigour to lean, growing businesses. Every engagement is scoped, time-boxed, and fixed-price — so you know exactly what you're getting and what it costs before we begin.

✓DPDP compliance roadmap with prioritised action plan

✓IT process audit with vendor & security review

✓Fractional IT Head — CTO-level thinking, lean budget

✓All deliverables are yours. No vendor lock-in.

✓Remote-first. Works across India. One on-site where needed.

Start with a free 30-min call →

What We Offer

6 services. All fixed-price.
All standalone.

See full details →

One-Time Project

DPDP Readiness Assessment

Know exactly where you stand with the DPDP Act 2023. Gap analysis, risk rating, and a prioritised remediation roadmap. Delivered in 5–7 days.

From ₹40,000 · fixed price

→ Price varies by company size & data complexity

Full details →

One-Time Project

IT Process Audit

Full operational audit — security posture, vendor contracts, tool stack, incident readiness, and IT governance. 3–4 weeks. One on-site visit included.

From ₹75,000 · fixed price

→ Scales with headcount & infrastructure scope

Full details →

Best Value Bundle

IT + DPDP Combined Audit

Both audits in one integrated engagement. Significant overlap means lower cost, faster delivery, and a single cohesive report with one action plan.

From ₹1,00,000 · fixed price

→ Saves ₹15,000+ vs buying separately

Most popular for growing organisations Full details →

Monthly Retainer

DPDP Compliance Retainer

Ongoing DPDP compliance management after assessment — incident response support, policy updates, regulator readiness, and quarterly reviews. 3-month minimum.

From ₹18,000/mo · 3-mo min

→ Bundle with Fractional IT Head for best value

Full details →

Monthly Retainer

Fractional IT Head

CTO-level IT leadership on a part-time basis. Vendor governance, IT roadmap, security oversight, hiring guidance, and board-level IT reporting. 3-month minimum.

From ₹30,000/mo · 3-mo min

→ ~9 hrs/month dedicated advisory

Full details →

Workshop

DPDP Staff Training Workshop

Practical, jargon-free DPDP awareness training for your team. Custom slide deck, participant workbooks, quiz & certificates. Half-day or full-day options.

From ₹22,000 · per session

→ Half-day or full-day · Discount with any audit

Full details →

All prices are indicative anchors. Exact pricing is confirmed on your free discovery call based on your company size, scope, and complexity.

Get an exact quote — free 30-min call →

⚡ Compliance Deadline

The DPDP Rules 2025 are notified.
Non-compliance is no longer hypothetical.

If your business collects any digital personal data — a contact form, employee records, payment details, or CCTV footage — you are a Data Fiduciary. The DPDP Act applies regardless of company size. Our readiness assessment tells you exactly where you stand and what to fix first.

₹250 Cr

Maximum penalty for data breach

Book DPDP Assessment Call →

Nitin Sarawahi

Founder, Alchemy Mantra™
IT Consultant & DPDP Advisor

🏢 13 Years · Microsoft

About Nitin

Microsoft-grade rigour.
Built for growing businesses.

Years IT Operations experience

Years at Microsoft

Fixed

Price. Always. No surprises.

I spent 13 years inside Microsoft building and running IT operations at scale — vendor governance, security frameworks, incident management, compliance programmes. I saw what good IT looks like from the inside of one of the world's most operationally rigorous companies.

Most organisations I work with are operationally lean — they've accumulated tools, neglected security basics, and have never had a senior IT person in the room. The business owner or MD is still making every IT call. That's not a failure — it's a gap I can close.

Every engagement starts with a free 30-minute conversation. No pitch. No commitment. I'll tell you honestly if I can help, and what it would cost.

Common Questions

Answers before
the call

Does the DPDP Act apply to small businesses in India? +

Yes — there is no size threshold. The Digital Personal Data Protection Act 2023 and DPDP Rules 2025 apply to any business that collects digital personal data. A 20-person company is as exposed as a 2,000-person one. If you have a contact form, employee records, a customer database, or CCTV, you are a Data Fiduciary under the Act.

What is the penalty for DPDP non-compliance? +

Up to ₹250 crore for a personal data breach. Failure to implement adequate security safeguards can attract up to ₹200 crore. These penalties apply regardless of business size — the Act has no small-business exemption.

What does a DPDP Readiness Assessment include? +

A full data inventory and flow map, gap analysis against the DPDP Act and Rules 2025, risk classification by severity, a prioritised remediation roadmap, three policy templates (Privacy Notice, Consent Record, Breach Notification), and a 60-minute findings walkthrough with your leadership team. Delivered in 5–7 business days from ₹40,000.

What is a Fractional IT Head? +

CTO-level IT leadership on a part-time basis — around 9 hours per month. You get vendor governance, IT roadmap planning, security oversight, and board-level IT reporting without a full-time hire (which typically costs ₹25–50 lakh per year). Ideal when the MD is still making all IT decisions.

Are your fees fixed or hourly? +

All engagements are fixed-price. Anchor prices are published on the Services page with bands based on company size. The exact number is confirmed on your free discovery call before any commitment. There are no hourly surprises — ever.

Do you work with businesses outside Hyderabad? +

Yes — all engagements are delivered remotely and serve businesses across India. For IT Process Audits, one on-site visit to your location is included in standard pricing. Clients are spread across Hyderabad, Mumbai, Bengaluru, Delhi, Pune, and beyond.

Get in Touch

Let's talk about
your business

No pitch. No commitment. A free 30-minute call to understand what's going on — and whether I can help. Most clients know within 15 minutes whether this is right for them.

💬

WhatsApp — fastest response Message Nitin directly. Usually responds within 2 hours.

📅

Book a 30-min call Pick a slot that works for you. Google Calendar booking.

✉️

Email nitinsarwahi@alchemymantra.com · Response within 24 hours

Request a free discovery call

Fill this in and Nitin will reach out within 24 hours to schedule.

Your Name * ⚠ Please enter a valid name (letters only, min 2 characters)

Company Name

Phone / WhatsApp * ⚠ Enter a valid 10-digit Indian mobile number (starts with 6–9)

Work Email ⚠ Enter a valid email address (e.g. name@company.com)

Company Size

Industry

I'm interested in

What's your biggest IT or compliance concern? (optional)

I have read the Privacy Notice and consent to Alchemy Mantra™ collecting and processing my personal data to respond to my enquiry and schedule a discovery call.

No spam. No sales pressure. Nitin reads every submission personally.

✓ Got it! Nitin will reach out within 24 hours to schedule your free discovery call.

Your Business DeservesEnterprise-GradeIT & Compliance

The Alchemy Mantra™ Approach

The DPDP Rules 2025 are notified.Non-compliance is no longer hypothetical.

Request a free discovery call

Your Business Deserves
Enterprise-Grade
IT & Compliance

The DPDP Rules 2025 are notified.
Non-compliance is no longer hypothetical.