DPDP Compliance

SG2 DPDP Compliance tools for WordPress: consent, data requests, retention rules, and audit-ready logs to help meet India’s DPDP requirements.

Author:Gopi Narayanaswamy (profile at wordpress.org)
WordPress version required:5.0
WordPress version tested:6.8.3
Plugin version:2.1.0
Added to WordPress repository:30-10-2025
Last updated:30-10-2025
Rating, %:0
Rated by:0
Plugin URI:
Total downloads:179
plugin download
Click to start download

SG2 DPDP Compliance Toolkit is a comprehensive WordPress plugin designed to help Indian websites comply with the Digital Personal Data Protection (DPDP) Act, 2023. It provides tools for managing user consent, handling data subject rights (DSR) requests, generating dynamic privacy policies, and auditing compliance activities.

Key Features:

  • Consent Management Banner: A customizable cookie consent popup that allows users to manage preferences for data processing purposes (e.g., communication, analytics, marketing, strictly necessary). Supports multi-language (English, Hindi) and test mode for development.
  • Grievance Redressal Form: A secure form for users to submit DSR requests (access, correction, deletion of personal data). Includes email confirmation, rate limiting, and admin workflow for approval/rejection.
  • Privacy Policy Generator: Automatically generates a basic privacy policy based on your site settings, using templates for blogs or e-commerce sites. Easily customizable via shortcodes.
  • Admin Dashboard: Beautiful, responsive dashboard with metrics (total consents, pending requests), sub-pages for settings, logs, requests, audit trails, script manager, and exports (CSV/JSON).
  • Consent Logging & Audit: Logs all consents and actions to the database with IP/user agent hashing for privacy. View/export logs easily.
  • Shortcodes: Embed components easily:
    • [dpdp_grievance_form]: DSR request form.
    • [dpdp_consent_status]: User’s current consent status.
    • [dpdp_privacy_policy]: Dynamic privacy policy.
  • Script Manager: Block or manage third-party scripts based on consent (e.g., GA4, Facebook Pixel integrations via SDK).
  • Security & Performance: Rate limiting, nonces, sanitization, and GDPR-inspired best practices. No external dependencies beyond WordPress core.
  • SDK for Integrations: JavaScript SDK for advanced consent checks (e.g., window.DPDP.getConsent()).

The plugin auto-creates necessary database tables on activation and sets up default pages (Privacy Policy, Consent Status, Grievance Form). It’s lightweight, mobile-responsive, and follows WordPress coding standards.

Why SG2 DPDP Compliance Toolkit?

The DPDP Act mandates consent for personal data processing, data subject rights, and grievance mechanisms. This plugin simplifies compliance without needing custom development.

For support, visit SG2 Technologies or the WordPress.org support forum.

External services

This plugin optionally uses third-party services for enhanced security and analytics. These are configurable and disabled by default. All integrations respect user consent where applicable.

Google reCAPTCHA (Optional, for Grievance Form)

Used for spam protection on the DSR request form.
Data sent: User’s IP address and reCAPTCHA response token only when the form is submitted (if enabled in settings). No personal data is sent without form interaction.
Why/When: To verify human submissions and prevent abuse; called via Google’s API on form POST.
Provider: Google LLC. Terms: https://policies.google.com/terms. Privacy Policy: https://policies.google.com/privacy.

Google Tag Manager (GTM) (Optional, Consent-Based)

Used to load Google Analytics scripts based on user consent.
Data sent: The GA tracking ID when the page loads (only if consent is given for analytics purposes). No personal data transmitted without consent.
Why/When: For analytics tracking; loads dynamically after user consent via the Script Manager.
Provider: Google LLC. Terms: https://marketingplatform.google.com/about/analytics/terms/us/. Privacy Policy: https://policies.google.com/privacy.

All services comply with DPDP consent requirements. Disable in settings if not needed.

FAQ
ChangeLog