DPDP Compliance Checklist for EdTech Platforms
Liability Check
Your EdTech platform handles sensitive student data and parental financial information. Without strict DPDP compliance, you're not just risking user trust, but facing penalties up to ₹250 Crore for mishandling children's data.
Why EdTech Platforms Are at Risk
EdTech companies, from BYJU'S to Unacademy, collect vast amounts of **personal data**—student names, grades, learning patterns, payment details, and often **biometric data** for secure testing. The DPDP Act, especially **Section 9**, places stringent requirements on processing data of children (under 18), demanding **verifiable parental consent**. Lack of transparent data policies, weak security for test results, or using student data for unstated purposes (like targeted ads without consent) are major red flags. The Data Protection Board will scrutinize how you protect minors and their **sensitive personal data**, just as closely as SEBI watches financial data.
Common Violations
1. Collecting biometric data (e.g., for proctoring or attendance) without explicit, verifiable parental consent.
2. Using student learning analytics for targeted advertising or third-party sharing without clear purpose-specific consent.
3. Failing to provide easily accessible mechanisms for parents to withdraw consent or request data deletion for their children.
The Immediate Fix
Conduct a comprehensive **Data Mapping Exercise** to identify all personal data collected (especially children's data), its purpose, storage, and sharing. Update your privacy policy to be DPDP-compliant, clearly outlining data processing activities and parental rights. Implement robust consent mechanisms, specifically for minors' data, requiring verifiable parental consent.
Projected Compliance Deadline: Immediate