Data Loss Prevention
for DPDP compliance

Discover how Endpoint Protector can help your organization to safeguard Digital Personal Data Protection Act (DPDP) and protect it from loss, and unauthorized disclosure

Table of Contents

  1. Who has to comply with DPDP?
  2. Implement technical measures to meet compliance
  3. Block data transfers with Endpoint Protector
  4. A trusted solution for data loss prevention
  5. Considerations for your organization

The Digital Personal Data Protection Act (DPDP) recognizes the rights of individuals to protect their personal data. Indian companies who collect and process Personal Identifiable Information (PII) are now classified as data fiduciaries, and are required to adopt the processes and technologies needed to meet their new responsibilities.

Endpoint Protector by CoSoSys can help companies to meet many of their data fiduciary responsibilities. In particular protecting PII from unauthorized sharing, accidental loss, and even malicious misuse and theft.

Who has to comply with DPDP?

The DPDP Act applies to businesses collecting the data of Indian residents. It also covers overseas processing of digital personal data if the processing is connected to Indian data subjects. The act covers consumer data, employee data, and business-to-business data.

  • The Act includes some exceptions for government entities, and some specific processing purposes (e.g., to perform judicial services).
  • Additional controls are placed on children/minors, including prohibiting tracking and targeted advertising.
  • Companies that collect large volumes of personal data are classed as “Significant Data Fiduciaries”, and must appoint a DPO (Data Privacy Offer).

Implement technical measures to meet compliance

Chapter 2 of the DPDP Act establishes the obligations of data fiduciaries, including the circumstances where they may process personal data. Organizations should pay attention to (Sec. 8(4-5)) which requires them to implement appropriate technical measures and implement reasonable security safeguards to prevent unauthorized disclosures and data breaches.

Endpoint Protector is a Data Loss Prevention solution that helps organizations to meet many of these requirements. It uses content inspection and contextual scanning of data, protecting sensitive information from unauthorized sharing and malicious exfiltration through both hardware and software-based exit points.

Block data transfers with Endpoint Protector

Regardless of where your data resides (network locations, cloud stores, etc.), The most common exit points for data loss are employee endpoints.

  • Enterprise messaging apps (i.e., Slack, Microsoft Teams)
  • Email attachments and body text
  • Cloud uploads to personal accounts or third-party cloud resources
  • Removable media
  • Printing

A trusted solution for data loss prevention

In most cases, data loss is accidental and employees may not even be aware that the sharing of data breaches DPDP requirements (e.g., sharing files, records, data with supply chain partners). Endpoint Protector is widely used, and trusted, by organizations around the world to meet similar requirements for local privacy laws (i.e., GDPR, CCPA, and LGDP).

Active Data Defense is the recommend solution for organizations looking to comply with DPDP. Offering feature parity across Windows, macOS, and Linux endpoints, Endpoint Protector’s lightweight agent ensures that data security policies remain active, and data protected, even when the employee endpoint is outside of the corporate network or when it’s being used offline.

  • Simple to build policies using built-in libraries of common Indian PII data, including Aadhaar numbers, passport numbers, phone numbers, addresses, and email addresses.
  • Benefit from OCR to detect critical PII within image files (e.g., screenshots, scanned documents).
  • Full feature parity across Windows, macOS, and Linux endpoints.

Considerations for your organization

Remember, given its breadth, no one solution will fulfill all DPDP requirements. Instead, organizations should look to combine multiple technologies, and processes, to meet their stated goals.

Organizations should also look to understand the sensitivity of the information to be processed, stored, or transmitted, and should conduct a thorough evaluation of Endpoint Protector to ensure it meets their unique compliance needs. Organizations are solely responsible for determining the appropriateness of using Endpoint Protector to achieve their Data Loss Prevention for the Digital Personal Data Protection Act.


Endpoint Protector can cover your Windows, macOS, and Linux machines through a single admin console.


Multiple deployment options to meet your requirements - including on-premise or cloud.

Active Data Defense

Explore our recommended solution for DPDP compliance.

Request Demo
* Your privacy is important to us. Check out our Privacy Policy for more information.