DPDP
Operational checklist (DPDP)
Practical readiness checklist for privacy operations — not a compliance certificate.
Operational checklist
Use this list to know whether you can run privacy ops with confidence.
It is not a DPDP certification and not legal sign-off.
Consent
- Project exists
- Purposes configured (required + optional as needed)
- Notice copy reviewed by your team
- At least one published consent version
- Publishable key created and stored safely
- SDK initialized against published config
- At least one receipt observed in a test environment
Systems & maps
- At least one System connected and enabled
- Health check understood (healthy / degraded / unhealthy)
- SQL Data Map: entities + identifiers + DELETE/SKIP
- Non-personal tables ignored or not mapped
- Execution preview run for a test subject (counts only)
Rights execution
- Worker process running (jobs do not complete without it)
- Operational readiness not blocked
- Test case created for a subject you control
- Verification VERIFIED before start
- Case reached COMPLETED or FAILED with timeline visible
Evidence
- Deletion evidence exported for a test case
- Consent publish evidence exported if you need “what was live”
- Team knows evidence limits (not a legal seal)
Org hygiene
- Roles assigned (Owner / Admin / Viewer)
- Billing/entitlements sufficient for projects, systems, case volume
- Secrets and keys not committed to git
States to watch
| Readiness state | Meaning |
|---|---|
| ready | Signal looks good |
| attention | Review recommended |
| blocked | Fix before confident execution |
| unknown | Not enough signal yet |
Readiness is an aggregate of signals—not a weighted “compliance score.”
What to do next
If anything is blocked, follow Getting Started or the relevant Guides.