Most personal data is processed by vendors, not by you directly. We help you build a defensible vendor risk program — risk-tiered due diligence, robust Data Processing Agreements (DPAs), sub-processor governance and ongoing oversight aligned to the DPDP Act and GDPR.
A scoped engagement with concrete deliverables — not a slide deck.
Complete inventory of personal-data processors, risk-tiered by data type, volume and criticality.
Tailored questionnaires combining privacy, security and AI considerations.
Indian and EU-style DPAs, SCCs and supplementary measures.
Visibility and approval workflow for downstream sub-processors.
Annual reassessment, change-of-scope reviews and exit planning.
A repeatable four-stage method, calibrated to your business.
Single source of truth for every vendor that touches personal data.
Risk tiering based on data type, volume and processing nature.
Targeted due diligence by tier; DPAs and SCCs aligned to risk.
Annual cycle, change-driven reviews and exit playbooks.
Engagement profiles where we add the most value.
A DPA is a contract between a Data Fiduciary/Controller and a Processor that defines the scope, purpose, security obligations, sub-processing rules and breach notification duties of the Processor. It's mandatory under GDPR and best practice under the DPDP Act.
No — we recommend risk-tiered assessment. High-tier vendors (large personal data volumes, special categories, critical to operations) get deep diligence; lower tiers get proportionate review.
End-to-end data privacy consulting in India. DPDP Act, GDPR, audits, DPO services and privacy program implementation by experienced India & EU specialists.
Stand up a complete, defensible privacy program: governance, policies, controls, technology and training — calibrated to the DPDP Act and global frameworks.
Integrated cybersecurity and privacy consulting for Indian businesses. Combined risk assessments, breach readiness and controls under DPDP Act and ISO 27001/27701.
GDPR compliance consulting for Indian companies serving EU users. Article 27 representation, cross-border transfers, DPIAs and unified DPDP Act + GDPR programs.
Book a free 30-minute consultation with Primitra. We'll review your current posture and outline the fastest path to a defensible, audit-ready program.