{"id":163,"date":"2026-04-28T11:39:49","date_gmt":"2026-04-28T11:39:49","guid":{"rendered":"https:\/\/blog.osto.one\/?p=163"},"modified":"2026-05-05T10:12:50","modified_gmt":"2026-05-05T10:12:50","slug":"dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027","status":"publish","type":"post","link":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/","title":{"rendered":"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027)"},"content":{"rendered":"

India’s data protection law isn’t coming. It’s here.<\/p>\n

The Digital Personal Data Protection Act was passed in 2023. The Data Protection Board is operational. Full enforcement, including penalty powers, is anticipated around May 2027. For a fintech processing financial data on millions of Indian users \u2014 most platforms haven’t started.<\/p>\n

It’s a practical map: what DPDPA actually requires, what’s genuinely new versus what overlaps with obligations you already have, and how to build toward compliance without treating it as a separate project.<\/p>\n

Why fintechs specifically are in focus<\/h2>\n

DPDPA classifies data into two tiers. General personal data gets baseline protections. Sensitive personal data, which explicitly includes financial data, gets stricter treatment.<\/p>\n

<\/p>\n

\n

If your platform handles any of the following, you’re processing sensitive personal data:<\/p>\n

\n Bank account details<\/span>
\n Credit card numbers<\/span>
\n Income \/ salary information<\/span>
\n Transaction histories<\/span>
\n Loan or credit records<\/span>
\n Financial condition data<\/span>\n <\/div>\n

That’s most of what a fintech does. Your entire core dataset is sensitive personal data. Higher security standards, more rigorous consent requirements, larger potential penalties.<\/p>\n<\/div>\n

The five obligations that require infrastructure, not just policy<\/h2>\n

<\/p>\n

\n
\n
\n 1<\/span><\/p>\n
Security safeguards<\/div>\n<\/p><\/div>\n

The act requires ‘reasonable security safeguards to prevent personal data breach.’ For a fintech handling financial data, reasonable means: active application protection, endpoint security on devices accessing customer data, continuous monitoring, strong access controls, and documented incident response. If you’re already doing this for RBI compliance, DPDPA’s security requirement is largely covered.<\/p>\n<\/p><\/div>\n

\n
\n 2<\/span><\/p>\n
Breach notification \u2014 where most fintechs will be underprepared<\/span><\/div>\n<\/p><\/div>\n

You must notify both the Data Protection Board and affected users of a personal data breach. Expected timeline: 72 hours for the board notification. The clock may start from when you reasonably should have known, not when you confirmed the breach. Without automated detection, real-time alerting, and a pre-built notification workflow, 72 hours is nearly impossible to meet.<\/p>\n<\/p><\/div>\n

\n
\n 3<\/span><\/p>\n
Consent management<\/div>\n<\/p><\/div>\n

Personal data can only be processed with explicit consent or specific exemptions. The transaction exemption is broad \u2014 you can process the bank account number to execute the payment. What isn’t covered: using customer transaction data to train credit scoring models without disclosure, selling aggregated data to third parties for marketing, or using financial behaviour data for insurance underwriting without specific consent.<\/p>\n<\/p><\/div>\n

\n
\n 4<\/span><\/p>\n
Data principal rights<\/div>\n<\/p><\/div>\n

Your users will have the right to access their data on request, correct inaccurate data, and have their data erased when it’s no longer necessary. Erasure rights interact with RBI record-keeping obligations \u2014 you likely have legally mandated retention periods for transaction records. DPDPA provides exemptions for legally required retention, but you still need a workflow that distinguishes between data you must keep and data you can delete.<\/p>\n<\/p><\/div>\n

\n
\n 5<\/span><\/p>\n
Cross-border data transfers<\/div>\n<\/p><\/div>\n

Will be restricted to approved countries once implementing rules are published. If you use US-based fraud detection vendors, data enrichment services, or any infrastructure that your customer data flows through, map those data flows now, before the rules land.<\/p>\n<\/p><\/div>\n<\/div>\n

The penalty structure is not symbolic<\/h2>\n

<\/p>\n

\n\n\n\n\n\n\n\n
Violation<\/th>\nMax Penalty<\/th>\n<\/tr>\n<\/thead>\n
Failure to implement security safeguards resulting in a data breach<\/td>\n\u20b9250 crore<\/td>\n<\/tr>\n
Failure to notify the Data Protection Board<\/td>\n\u20b9200 crore<\/td>\n<\/tr>\n
Failure to notify affected users<\/td>\n\u20b9200 crore<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

What DPDPA adds on top of RBI obligations<\/h2>\n

<\/p>\n

\n
\n
RBI covers<\/div>\n

Protecting your systems and reporting incidents to the regulator. Security infrastructure, incident response, VAPT.<\/p>\n<\/p><\/div>\n

\n
DPDPA adds<\/div>\n

Obligations to notify users whose data was compromised, and consent and data subject rights infrastructure \u2014 entirely new for Indian fintechs.<\/p>\n<\/p><\/div>\n<\/div>\n

The security infrastructure overlap is significant. One comprehensive programme satisfies both. The consent and data rights infrastructure is genuinely new work. If you don’t have it, RBI compliance doesn’t help you here.<\/p>\n

The 13-month roadmap<\/h2>\n

<\/p>\n

\n
\n
\n
Months 1\u20133<\/div>\n<\/p><\/div>\n
\n
Data mapping<\/div>\n
What personal and sensitive personal data do you collect? Where is it stored? Which vendors process it? Which countries does it flow to? You cannot comply without knowing your data flows.<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
\n
\n
Months 3\u20136<\/div>\n<\/p><\/div>\n
\n
Consent audit and redesign<\/div>\n
Review every consent touchpoint in your product against DPDPA requirements. Identify secondary data uses that need specific consent. Redesign the flows that don’t meet the standard.<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
\n
\n
Months 4\u20138<\/div>\n<\/p><\/div>\n
\n
Security infrastructure<\/div>\n
Commission a VAPT scoped to your personal data processing systems. Implement or verify WAF coverage, endpoint protection, and continuous monitoring. Build the breach detection capability that makes 72-hour notification achievable.<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
\n
\n
Months 8\u201311<\/div>\n<\/p><\/div>\n
\n
Breach notification workflow<\/div>\n
Who gets alerted? Who files the DPB notification? What does user notification look like in practice? Run a tabletop exercise. Work through every step.<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
\n
\n
Months 11\u201313<\/div>\n<\/p><\/div>\n
\n
Data rights infrastructure<\/div>\n
Build the ability to export a user’s full data record, update it on request, and delete it subject to legal holds. These are product engineering tasks, not documentation tasks.<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n

<\/p>\n

\n

The May 2027 deadline feels distant until it doesn’t. Companies that start now can build toward compliance steadily. Companies that start in late 2026 will be running a sprint, and sprints in regulated environments miss things.<\/p>\n<\/blockquote>\n

<\/p>\n

The security infrastructure layer of DPDPA \u2014 WAF, endpoint protection, continuous monitoring, VAPT, incident response \u2014 is what Osto<\/a> deploys and runs for Indian fintech teams, so months 4\u20138 of this roadmap don’t have to be the hard part.<\/p>\n","protected":false},"excerpt":{"rendered":"

India’s data protection law isn’t coming. It’s here. The Digital Personal Data Protection Act was passed in 2023. The Data\u2026<\/p>\n","protected":false},"author":5,"featured_media":240,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,40],"tags":[],"class_list":["post-163","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-fintech"],"yoast_head":"\nDPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027) - Osto<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027) - Osto\" \/>\n<meta property=\"og:description\" content=\"India’s data protection law isn’t coming. It’s here. The Digital Personal Data Protection Act was passed in 2023. The Data\u2026\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/\" \/>\n<meta property=\"og:site_name\" content=\"Osto\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-28T11:39:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-05T10:12:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1536\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ansh Satwani\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ansh Satwani\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/\"},\"author\":{\"name\":\"Ansh Satwani\",\"@id\":\"https:\/\/www.osto.one\/resources\/#\/schema\/person\/4e82cd35cf60206ad1232e7d2d255144\"},\"headline\":\"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027)\",\"datePublished\":\"2026-04-28T11:39:49+00:00\",\"dateModified\":\"2026-05-05T10:12:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/\"},\"wordCount\":846,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.osto.one\/resources\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png\",\"articleSection\":[\"Blog\",\"Fintech\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/\",\"url\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/\",\"name\":\"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027) - Osto\",\"isPartOf\":{\"@id\":\"https:\/\/www.osto.one\/resources\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png\",\"datePublished\":\"2026-04-28T11:39:49+00:00\",\"dateModified\":\"2026-05-05T10:12:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#primaryimage\",\"url\":\"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png\",\"contentUrl\":\"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png\",\"width\":1536,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.osto.one\/resources\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.osto.one\/resources\/#website\",\"url\":\"https:\/\/www.osto.one\/resources\/\",\"name\":\"Osto\",\"description\":\"Osto secures apps, networks, and endpoints with an integrated platform built for modern teams.\",\"publisher\":{\"@id\":\"https:\/\/www.osto.one\/resources\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.osto.one\/resources\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.osto.one\/resources\/#organization\",\"name\":\"Osto\",\"url\":\"https:\/\/www.osto.one\/resources\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.osto.one\/resources\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/01\/cropped-osto-blue-21-edited.png\",\"contentUrl\":\"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/01\/cropped-osto-blue-21-edited.png\",\"width\":1144,\"height\":428,\"caption\":\"Osto\"},\"image\":{\"@id\":\"https:\/\/www.osto.one\/resources\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.osto.one\/resources\/#\/schema\/person\/4e82cd35cf60206ad1232e7d2d255144\",\"name\":\"Ansh Satwani\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.osto.one\/resources\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/febb3eb0d31b99257e1d641255c28ad967bb930f531f6f2997f0bea21fd977c9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/febb3eb0d31b99257e1d641255c28ad967bb930f531f6f2997f0bea21fd977c9?s=96&d=mm&r=g\",\"caption\":\"Ansh Satwani\"},\"url\":\"https:\/\/www.osto.one\/resources\/author\/ansh\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027) - Osto","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/","og_locale":"en_US","og_type":"article","og_title":"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027) - Osto","og_description":"India’s data protection law isn’t coming. It’s here. The Digital Personal Data Protection Act was passed in 2023. The Data\u2026","og_url":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/","og_site_name":"Osto","article_published_time":"2026-04-28T11:39:49+00:00","article_modified_time":"2026-05-05T10:12:50+00:00","og_image":[{"width":1536,"height":1024,"url":"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png","type":"image\/png"}],"author":"Ansh Satwani","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ansh Satwani","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#article","isPartOf":{"@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/"},"author":{"name":"Ansh Satwani","@id":"https:\/\/www.osto.one\/resources\/#\/schema\/person\/4e82cd35cf60206ad1232e7d2d255144"},"headline":"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027)","datePublished":"2026-04-28T11:39:49+00:00","dateModified":"2026-05-05T10:12:50+00:00","mainEntityOfPage":{"@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/"},"wordCount":846,"commentCount":0,"publisher":{"@id":"https:\/\/www.osto.one\/resources\/#organization"},"image":{"@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#primaryimage"},"thumbnailUrl":"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png","articleSection":["Blog","Fintech"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/","url":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/","name":"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027) - Osto","isPartOf":{"@id":"https:\/\/www.osto.one\/resources\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#primaryimage"},"image":{"@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#primaryimage"},"thumbnailUrl":"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png","datePublished":"2026-04-28T11:39:49+00:00","dateModified":"2026-05-05T10:12:50+00:00","breadcrumb":{"@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#primaryimage","url":"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png","contentUrl":"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/04\/ChatGPT-Image-May-1-2026-11_16_00-AM.png","width":1536,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.osto.one\/resources\/blog\/dpdpa-for-fintechs-what-the-rs-250-crore-penalty-means-for-your-platform-and-what-to-do-before-may-2027\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.osto.one\/resources\/"},{"@type":"ListItem","position":2,"name":"DPDPA for Fintechs: What the Rs 250 Crore Penalty Means for Your Platform (And What to Do Before May 2027)"}]},{"@type":"WebSite","@id":"https:\/\/www.osto.one\/resources\/#website","url":"https:\/\/www.osto.one\/resources\/","name":"Osto","description":"Osto secures apps, networks, and endpoints with an integrated platform built for modern teams.","publisher":{"@id":"https:\/\/www.osto.one\/resources\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.osto.one\/resources\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.osto.one\/resources\/#organization","name":"Osto","url":"https:\/\/www.osto.one\/resources\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.osto.one\/resources\/#\/schema\/logo\/image\/","url":"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/01\/cropped-osto-blue-21-edited.png","contentUrl":"https:\/\/www.osto.one\/resources\/wp-content\/uploads\/2026\/01\/cropped-osto-blue-21-edited.png","width":1144,"height":428,"caption":"Osto"},"image":{"@id":"https:\/\/www.osto.one\/resources\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.osto.one\/resources\/#\/schema\/person\/4e82cd35cf60206ad1232e7d2d255144","name":"Ansh Satwani","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.osto.one\/resources\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/febb3eb0d31b99257e1d641255c28ad967bb930f531f6f2997f0bea21fd977c9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/febb3eb0d31b99257e1d641255c28ad967bb930f531f6f2997f0bea21fd977c9?s=96&d=mm&r=g","caption":"Ansh Satwani"},"url":"https:\/\/www.osto.one\/resources\/author\/ansh\/"}]}},"_links":{"self":[{"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/posts\/163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/comments?post=163"}],"version-history":[{"count":2,"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/posts\/163\/revisions"}],"predecessor-version":[{"id":165,"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/posts\/163\/revisions\/165"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/media\/240"}],"wp:attachment":[{"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/media?parent=163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/categories?post=163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.osto.one\/resources\/wp-json\/wp\/v2\/tags?post=163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}