As indicated in previous blogs, we are covering commonly-held misconceptions to provide clarity over what's important to those embarking upon their DPDPA compliance journey. Our particular focus here is on compliance with India’s new Digital Personal Data Protection Act, but it is worth reiterating that the lessons are globally applicable.

In this week's post, we shine the light on the commonly-held view that it is only big tech companies that need to ensure they comply.

Misconception 7: Regulators are only interested in big tech companies

Elsewhere in the world, it’s the hundreds of millions (or even billions) in fines levied against the big US tech companies that get headlines in the mainstream press. In reality, though, data protection enforcement is continuous and applies at all levels. At the time of writing there have been 335 publicly notified fines in Europe in 2025, as well as many more interventions that required process change or improvement without an immediate monetary penalty; of those 335, only 3 were directed at one of the big tech firms. The total fines levied were €1.1bn (about ₹11,360 Cr, an average of ₹34Cr per fine).

Rather watch as a video? Click below.

-----------------------------------------------------

Read our 10 DPDPA misconceptions series

Interested to read the series in full? Click on the links below.

Misconception 1: data protection is all about breach prevention

Misconception 2: Compliance is just paperwork.

Misconception 3: it’s all about consent

Misconception 4: personal data is PII

Misconception 5: Consumers don’t care about privacy

Misconception 6: No consumers, no problem

Setting off on your DPDPA compliance journey?

If you’d like us to help you achieve DPDPA compliance and transform your data from a risk into an asset, you can Contact Us.

If you are looking for more information regarding DPDPA compliance, visit our DPDPA resources page.