Primitra is a specialist data privacy consulting firm helping Indian businesses build defensible, audit-ready privacy programs under the Digital Personal Data Protection (DPDP) Act, 2023 and global frameworks such as GDPR. Led by Devashish Kakkar with 5+ years of India and EU privacy experience, we translate the law into operational controls your engineering, product, HR and vendor teams can actually run.
A scoped engagement with concrete deliverables — not a slide deck.
A pragmatic 6–12 month privacy roadmap aligned to the DPDP Act, sector regulators (RBI, SEBI, IRDAI) and your commercial priorities.
Side-by-side gap analysis against the DPDP Act, GDPR and ISO/IEC 27701 with prioritised remediation backlog.
Notices, consent flows, RoPA, DPIAs, DSR workflows, retention schedules and breach playbooks — built and embedded.
On-call privacy counsel for boards, product teams and procurement — without hiring a full-time DPO too early.
Role-based privacy training, internal audits and readiness reviews so your program survives scrutiny from regulators, customers and investors.
A repeatable four-stage method, calibrated to your business.
Stakeholder interviews, system inventory and data-flow mapping across products, vendors and group entities.
Gap assessment against the DPDP Act and applicable global laws; risk-rated findings with business context.
Target operating model, policies, technical controls and a sequenced remediation roadmap.
Hands-on implementation, training and ongoing assurance — measured against defined KPIs.
Engagement profiles where we add the most value.
A data privacy consultant assesses how your organisation collects and uses personal data, identifies compliance gaps under laws like the DPDP Act and GDPR, and builds the policies, processes and technical controls needed to close them. At Primitra we combine legal interpretation with operational implementation — so the program runs after we leave.
The Digital Personal Data Protection Act, 2023 received Presidential assent and is being operationalised in phases through the Digital Personal Data Protection Rules. Companies that wait for the final notification typically end up with rushed, costly remediation. Privacy-mature buyers are already asking suppliers for evidence of readiness.
Cybersecurity focuses on protecting systems from unauthorised access. Privacy focuses on how personal data is collected, used, shared and retained — even by authorised users. The two overlap on breach response and access control, which is why we run a combined Cybersecurity and Privacy practice.
Both. Our packages scale from a 4-week DPDP Act readiness sprint for a Series A SaaS startup to multi-quarter privacy program implementation for listed enterprises and global groups operating in India.
Yes. We offer fractional and outsourced DPO services for organisations that need ongoing privacy oversight without hiring a full-time DPO. See our DPO services page for scope and engagement models.
Get DPDP Act compliant with India-focused privacy specialists. Notice, consent, RoPA, DPIA, breach response and ongoing assurance under the DPDP Act, 2023.
Learn moreOutsourced and fractional Data Protection Officer services in India. DPO-as-a-service for DPDP Act, GDPR and Significant Data Fiduciary obligations.
Learn moreIndependent data privacy audits in India under DPDP Act, GDPR and ISO 27701. Evidence-based audit reports for boards, regulators and enterprise customers.
Learn moreStand up a complete, defensible privacy program: governance, policies, controls, technology and training — calibrated to the DPDP Act and global frameworks.
Learn moreBook a free 30-minute consultation with Primitra. We'll review your current posture and outline the fastest path to a defensible, audit-ready program.