India · RTI & DPDP

Right to information and data protection for India, in one platform

AccessPoint manages Right to Information Act 2005 requests and the Digital Personal Data Protection Act 2023's obligations — the 30-day RTI clock, CIC and SIC appeals, and data-principal rights — pre-configured for India and running inside your own Microsoft 365 tenant.

India at a glance

Response deadline
30 days from receipt by the Public Information Officer (RTI Act)
Expedited
48 hours where the request concerns a person's life or liberty
Fees
A nominal application fee (e.g. Rs 10 for central-government bodies; state fees vary), with BPL applicants exempt
DPDP data-principal rights
Access (s 11), correction and erasure (s 12), and grievance redressal (s 13)
Breach notification
Notify the Data Protection Board and affected data principals of a personal-data breach
Oversight
Information Commissions (RTI) and the Data Protection Board of India (DPDP)

Built for India

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

RTI request lifecycle

Intake to decision on the RTI Act's 30-day clock — with the 48-hour life-or-liberty rule, the section 8 exemptions, fee and copying charges, and a deemed-refusal safeguard, all built on Microsoft 365.

CIC and SIC appeals

Track first appeals and second appeals to the Central or State Information Commission — each with its own clock, an investigation workspace, and a guided path through to disclosure orders or penalties on information officers.

DPDP data-principal requests

Handle DPDP access (s 11), correction and erasure (s 12), and grievance-redressal requests as the Act's obligations phase in, on a guided questionnaire engine with an embedded risk register.

DPDP breach notification

Log a personal-data breach and get a live checklist of what the DPDP Act requires — notice to the Data Protection Board of India and to each affected data principal — with a full audit trail.

Data-protection impact assessments

Run the impact assessments the DPDP framework expects of Significant Data Fiduciaries, using the same assessment engine — with screeners, section delegation, and a risk register — that scores and reviews your other governance work.

In your own tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

From transparency to data protection

India built one of the world's largest right-to-information systems. Now data protection arrives. AccessPoint runs both.

For two decades the Right to Information Act has given citizens a powerful claim on what public authorities hold. The Digital Personal Data Protection Act 2023 adds the other half — rights for individuals over their own personal data, duties for the organisations that process it, and a Data Protection Board to enforce them, with rules finalised in 2025 and obligations phasing in through 2027. AccessPoint operates both on one platform, in your own tenant, so RTI requests, data-principal requests, and breach notifications are handled by one system instead of being bolted on as the new law lands.

RTI requests The 30-day clock, with CIC and SIC appeals.
Data-principal requests Access, correction, and erasure under the DPDP Act.
Breach notification Notice to the Data Protection Board and data principals.

Configured out of the box

Installing the in-rti-dpdp configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • The RTI Act 2005 and the DPDP Act 2023 as the legal-authority spine
  • Indian public-holiday calendar and RTI due-date rules, including the 48-hour life-or-liberty clock
  • The RTI section 8 exemptions, colour-coded for redaction
  • RTI application-fee and copying-charge categories, with the BPL exemption
  • CIC and SIC first-appeal and second-appeal grounds and dispositions
  • DPDP data-principal request types — access, correction, erasure, and grievance redressal
  • DPDP breach-notification rules for the Data Protection Board of India
  • Correspondence templates with RTI and DPDP wording

India Questions

Does AccessPoint cover both the RTI Act and the DPDP Act?

Yes. The India configuration ships both regimes in one pack — Right to Information Act requests and Digital Personal Data Protection Act obligations — with the RTI 30-day clock, the section 8 exemptions, CIC and SIC appeals, DPDP data-principal rights (access, correction, erasure, and grievance redressal), and breach notification to the Data Protection Board reflected in the workflows.

Is the DPDP Act in force yet?

The Act was enacted in 2023 and its rules were finalised in November 2025, with obligations phasing in — institutional provisions first, and the core duties, including data-principal rights and breach reporting, taking effect through 2027. AccessPoint ships the DPDP workflows now, so your team is ready as each obligation commences.

How does it handle RTI appeals?

AccessPoint's complaints and appeals module tracks first appeals to the appellate authority and second appeals to the Central or State Information Commission, each with its own statutory clock, an investigation workspace, and a guided path to a disclosure order, penalty, or other disposition.

Where does Indian data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, documents, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run RTI and DPDP in One Platform

Try AccessPoint free for 30 days, pre-configured for India. No credit card required.

Start Free Trial