How to Get DPDP Compliant in 15 Minutes with DPDP Comply

Compliance with India's DPDP Act 2023 does not have to be a months-long enterprise project. With DPDP Comply, you can go from zero to compliant in about 15 minutes. This step-by-step tutorial walks you through the entire process — from account creation to a live consent banner on your website.

What You Will Set Up

By the end of this guide, you will have:

• A DPDP Comply account with your organization configured
• A project representing your website or application
• A customized consent banner deployed on your website
• Per-purpose consent collection aligned with Section 6
• Easy withdrawal capability (Section 11)
• A rights request workflow ready to receive Data Principal requests (Sections 12-14)
• Immutable audit trails recording every consent event
• 30-day SLA tracking for rights requests (Section 13(3))

Let us get started.

Prerequisites

Before you begin, you will need:

• An email address for account registration
• Access to your website's HTML (to add a script tag)
• A list of the data processing purposes you want to collect consent for (e.g., analytics, marketing, personalization)

Step 1: Create Your Account (2 minutes)

1. Go to comply.askmeidentity.com/register
2. Enter your name, email address, and a secure password
3. Verify your email address
4. You are now logged into your DPDP Comply dashboard

When you register, an organization is automatically created for you. You can customize the organization name and invite team members later.

Step 2: Create a Project (2 minutes)

A project represents a single website, app, or digital property. Each project gets its own consent banner configuration, API keys, and audit trail.

1. From your dashboard, click "New Project"
2. Enter a project name (e.g., "Main Website" or "Mobile App")
3. Enter your website's domain (e.g., yourcompany.com)
4. Click Create

Your project is now set up with default settings. Next, we configure the consent banner.

Step 3: Configure Your Consent Purposes (3 minutes)

The DPDP Act requires purpose-specific consent (Section 6). You need to define the specific purposes for which you collect personal data.

1. Navigate to your project's Purposes section
2. Add each purpose for which you collect data. Common purposes include:

| Purpose | Description | Example Scripts | |---------|-------------|-----------------| | Essential | Necessary for website functionality | Session cookies, authentication | | Analytics | Understanding how visitors use the site | Google Analytics, Mixpanel, Plausible | | Marketing | Advertising and promotional communications | Facebook Pixel, Google Ads, email marketing | | Personalization | Customizing user experience | Product recommendations, A/B testing | | Third-Party Sharing | Sharing data with external partners | Affiliate tracking, data partnerships |

3. For each purpose, provide a clear, plain-language description that explains what data is collected and why — this is what users will see in the consent banner, fulfilling Section 5 notice requirements.

4. Click Save after adding all purposes.

Step 4: Customize Your Consent Banner (3 minutes)

The consent banner is the user-facing consent collection interface on your website.

1. Navigate to the Banner Configuration section

2. Customize the banner:

   • Headline — e.g., "We Value Your Privacy"
   • Description — A brief explanation of your data practices
   • Button labels — "Accept All", "Manage Preferences", "Reject All"
   • Colors — Match your brand colors
   • Position — Bottom bar, top bar, or center modal
   • Logo — Upload your company logo for brand consistency

3. Preview the banner to see how it will look on your site

4. Click Save Configuration

The banner will display your configured purposes as individual toggles, allowing users to grant or deny consent per purpose — exactly as Section 6 requires.

Step 5: Deploy the Banner on Your Website (2 minutes)

Deployment is a single script tag. No complex integration required.

1. Navigate to the Integration section of your project
2. Copy the embed code. It looks like this:

<script
  src="https://comply.askmeidentity.com/widget/banner.js"
  data-api-key="pk_live_your_api_key_here"
  async
></script>

3. Paste this script tag into the <head> section of your website's HTML, before any non-essential scripts (analytics, marketing pixels, etc.)
4. Deploy your website

That is it. The consent banner will now appear on your website for all visitors. It will:

• Display before any non-essential tracking scripts load
• Present granular, per-purpose consent options
• Record consent decisions with immutable audit trails
• Provide a "Manage Preferences" option for withdrawal (Section 11)

Platform-Specific Instructions

WordPress: Add the script tag to your theme's header.php or use a "Header Scripts" plugin.

Shopify: Go to Online Store → Themes → Edit Code → theme.liquid and paste before </head>.

Next.js / React: Add the script tag to your _document.tsx or layout.tsx head section.

Static sites: Add directly to your index.html <head> section.

Step 6: Set Up Rights Request Handling (2 minutes)

The DPDP Act grants Data Principals rights under Sections 12-14, and you must respond within 30 days (Section 13(3)).

1. Navigate to your project's Rights Requests section

2. The system is pre-configured to accept five types of requests:

   • Access (Section 12) — Requests for data summary
   • Correction (Section 13) — Requests to fix inaccurate data
   • Erasure (Section 13) — Requests to delete data
   • Grievance (Section 14) — Complaints about data handling
   • Nomination (Section 14) — Appointing someone to exercise rights

3. Configure notification settings — set up email alerts for new requests and SLA deadline warnings

4. Assign team members who will handle different request types

When a Data Principal submits a request, DPDP Comply:

• Records the request with a timestamp
• Starts the 30-day SLA countdown
• Sends notifications to assigned team members
• Tracks progress through to resolution
• Logs all actions in the audit trail
• Sends alerts as the deadline approaches

Step 7: Verify Everything Works (1 minute)

1. Open your website in a new browser (or incognito/private window)
2. Verify the consent banner appears
3. Click "Manage Preferences" and verify per-purpose toggles are displayed
4. Accept consent and verify it is recorded in your DPDP Comply dashboard
5. Click your "Privacy Preferences" footer link and verify you can withdraw consent
6. Submit a test rights request and verify it appears in your dashboard

You Are Now DPDP Compliant

Congratulations. In approximately 15 minutes, you have:

• Deployed a Section 6 compliant consent banner
• Configured purpose-specific consent collection
• Enabled Section 11 consent withdrawal
• Set up Section 12-14 rights request handling
• Activated Section 13(3) 30-day SLA monitoring
• Created immutable audit trails for all consent events

What to Do Next

Update Your Privacy Policy

If you have not already, update your privacy policy to meet Section 5 requirements. See our detailed guide on creating a DPDP-compliant privacy policy.

Integrate with Your Backend

Use the DPDP Comply API to check consent state before processing personal data in your application:

// Check if user has consented to analytics
const consent = await fetch(
  'https://comply.askmeidentity.com/api/v1/consent/{token}',
  { headers: { 'Authorization': 'Bearer pk_live_...' } }
);
const data = await consent.json();
if (data.purposes.analytics) {
  // Initialize analytics
}

Invite Your Team

Add team members to your organization so they can handle rights requests, review audit logs, and manage consent configurations.

Monitor and Optimize

Check your DPDP Comply dashboard regularly to:

• Review consent rates and identify opt-in patterns
• Track rights request volume and response times
• Ensure SLA deadlines are being met
• Export audit logs for compliance documentation

Common Questions

What if I have multiple websites?

Create a separate project for each website within your organization. Each project gets its own API key, banner configuration, and consent records.

Does this work with single-page applications (SPAs)?

Yes. The widget exposes window.DPDPConsent with methods including show(), hide(), withdraw(), and getConsent() that you can call programmatically from your SPA.

What about mobile apps?

For native mobile apps, use the DPDP Comply REST API to collect and verify consent programmatically. See our guide on why mobile apps need DPDP compliance.

Is the free tier enough to get started?

Yes. The free tier includes everything you need to get compliant — consent banner, rights request management, and audit trails. Paid plans add advanced features like team management, priority support, and higher API limits. View Pricing for details.

What happens if I receive a rights request before I am fully set up?

DPDP Comply tracks all requests from the moment they are submitted. Even if your workflow is not fully configured, the request is recorded with its timestamp, ensuring you can respond within the 30-day deadline.

Start Now

Every day without DPDP compliance is a day of risk. The consequences of non-compliance include penalties up to INR 250 crore and reputational damage that no business can afford.

Get Started Free — it takes 15 minutes, costs nothing to start, and protects your business from day one.