DPDP §13

Grievance Redressal

Paraphrased legal text

Every Data Fiduciary must publish the contact details of its Data Protection Officer (or person responsible for grievance redressal), and must respond to and resolve grievances within a prescribed period.

What this means in plain English

  • Publish the contact details of a grievance officer (DPO or designate).
  • Acknowledge and resolve every grievance within the prescribed period.
  • Rule 13 sets the resolution window at 90 days.
  • Refusal must state reasons in writing — Rule 13(2).

Penalty if you get this wrong

Up to ₹50 crore — grouped under principal-rights obligations.

How ProtectComply solves it

Grievance Management

  • Public form at /grievance/[org] with DPO contact published
  • 90-day SLA timer + two automatic escalations
  • Refusal-must-state-reasons enforced at the contract layer
  • Audit trail + Board-ready grievance register export

Related

  • DPDP §11 — Right to Access, Correction, Erasure
  • DPDP Rule 12 (2025) — Exercise of Principal Rights
  • DPDP Rule 13 (2025) — Grievance Resolution Timeline