Comply DP

Check definitions index

Structured list of all evaluation identifiers used in ComplyDP preparedness scoring, with legal mapping. Pass, fail, partial, manual, and not-applicable thresholds for each check are provided in the full definition; companies disputing a specific finding receive that definition as part of the dispute review.

Signal indicates the primary detection path (e.g. policy text, cookies, site structure). Some checks combine multiple signals.

Breach

IDCheckProvisionSignal
CHECK_049Breach Notification ProcessSection 8(6)
CHECK_050Breach Reporting ChannelRule 7
CHECK_05172-hour Notification CommitmentSection 8(6)
CHECK_087Breach Notice Consequences DisclosureRule 7(1)(b)
CHECK_088Breach User Safety Steps DisclosedRule 7(1)(d)
CHECK_089Breach Contact Person NamedRule 7(1)(e)

Children

IDCheckProvisionSignal
CHECK_034Parental Consent MechanismSection 9(1)
CHECK_035Age Verification PresentSection 9(1)
CHECK_036No Harmful ProcessingSection 9(2)
CHECK_074No Behavioural Tracking of ChildrenSection 9(3)
CHECK_075No Targeted Ads at ChildrenSection 9(3)
CHECK_109Disability Guardian Consent AddressedSection 9(1), Rule 11children

Consent

IDCheckProvisionSignal
CHECK_016Consent Banner PresenceSection 6
CHECK_017Granular Consent ControlsSection 6(1)
CHECK_018Consent Withdrawal EaseSection 6(4)
CHECK_019No Pre-checked BoxesSection 6(1)
CHECK_020Clear Consent LanguageSection 6(1)
CHECK_021Legitimate Use Without ConsentSection 7
CHECK_022Cookie Consent BannerSection 6
CHECK_023Cookie Categories DisclosedRule 3
CHECK_024No Trackers Before ConsentSection 6
CHECK_065Consent Not BundledSection 6(1)
CHECK_066DPO Contact in Consent RequestSection 6(3)
CHECK_067Consent Withdrawal Comparable EaseSection 6(4)
CHECK_068Legitimate Use Basis DisclosedSection 7
CHECK_079Pre-consent Analytics TrackersSection 6 read with Rule 3cookie_scan
CHECK_080Pre-consent Marketing TrackersSection 6 read with Rule 3cookie_scan
CHECK_081Tracker Inventory DisclosedSection 5(1) read with Rule 3(a)cookie_scan
CHECK_093Misleading Consent ClausesSection 6(1), Section 6(2)
CHECK_101Consent Management Platform DetectedSection 6(7), Section 6(9)consent_manager
CHECK_102Consent Manager IdentifiedSection 6(7)consent_manager
CHECK_103Consent Manager AccessibleSection 6(4), Section 6(7)consent_manager
CHECK_108Cookie Policy Not Browser-Only InstructionsSection 6(4)cookies

Data Collection

IDCheckProvisionSignal
CHECK_037Data MinimizationSection 5(1)
CHECK_038Purpose LimitationSection 5(1)
CHECK_039Form Fields InventorySection 5
CHECK_040Form-level NoticeRule 3
CHECK_041Inferred Data DisclosureSection 5
CHECK_042Sensitive Data HandlingSection 2(t)
CHECK_070Data Accuracy CommitmentSection 8(3)
CHECK_097Signup Flow DetectedSection 5(1), Section 6(1)site_discovery
CHECK_098Checkout/Payment Flow DetectedSection 5(1), Section 6(1)site_discovery
CHECK_106Context-specific Notices at Collection PointsSection 5(1), Rule 3specialized

Notice

IDCheckProvisionSignal
CHECK_001Privacy Notice ExistsRule 3(1)
CHECK_002Notice is StandaloneRule 3(1)
CHECK_003Notice ReadabilityRule 3(2)
CHECK_004Scheduled Languages SupportRule 3, Second Schedule (DPDP Rules 2025)
CHECK_005Indian Language OptionsRule 3, Second Schedule (DPDP Rules 2025)
CHECK_006Data Purpose SpecificitySection 5
CHECK_007Consent Grounds ClaritySection 6
CHECK_008Data Retention PeriodSection 8(7)
CHECK_009Rights of Data PrincipalSection 11-14
CHECK_010Third-party Sharing DisclosureSection 8(8)
CHECK_011Data Fiduciary IdentityRule 3
CHECK_012Security Safeguards DisclosureSection 8(5)
CHECK_013Cross-border Transfer DisclosureSection 16
CHECK_014Breach Notification PolicySection 8(6)
CHECK_015Notice Update HistoryRule 3
CHECK_061Notice IndependenceRule 3(a)
CHECK_062Itemised Personal Data DescriptionRule 3(b)(i)
CHECK_063Specific Goods/Services DescriptionRule 3(b)(ii)
CHECK_064Withdrawal Link in NoticeRule 3(c)(i)
CHECK_082Privacy Policy AccessibilityRule 14(1)(a)
CHECK_091Board Complaint Link in NoticeRule 3(c)(iii)
CHECK_092GDPR Language in DPDP ContextSection 4, Section 6, Section 7
CHECK_095Terms and Conditions Page ExistsSection 5(1)site_discovery
CHECK_096Compliance Links Not BrokenSection 5(1), Rule 3site_discovery
CHECK_099Sitemap PresentSection 5(1)site_discovery
CHECK_100Robots.txt PresentSection 5(1)site_discovery
CHECK_104Section 17 Exemption ClaimsSection 17specialized
CHECK_105Section 15 Duties Not Imposed on UsersSection 15, Section 6(2)specialized

Processor

IDCheckProvisionSignal
CHECK_052Processor Contracts DisclosedSection 8(8)
CHECK_053Third-party List AvailableSection 8(8)
CHECK_054Processor Compliance AssuranceSection 8(8)
CHECK_055Sub-processor DisclosureSection 8(8)
CHECK_069Data Processor Contract DisclosureSection 8(2)

Retention

IDCheckProvisionSignal
CHECK_056Retention Period SpecifiedSection 8(7)
CHECK_057Erasure on WithdrawalSection 8(7)
CHECK_058Erasure Trigger ConditionsSection 12(3)
CHECK_072Erasure on Purpose CompletionSection 8(7)(a)
CHECK_07348-Hour Pre-Erasure NotificationRule 8(2)
CHECK_090Minimum 1-Year Processing Log RetentionRule 8(3)

Rights

IDCheckProvisionSignal
CHECK_025Grievance Officer AppointedRule 6(1)
CHECK_026Grievance Contact DetailsRule 6(1)
CHECK_027Grievance Response TimelineRule 14(3)
CHECK_028Access Request ProcessSection 11
CHECK_029Correction Request ProcessSection 12
CHECK_030Erasure Request ProcessSection 12(3)
CHECK_031Nomination Rights DisclosedSection 14
CHECK_032Rights Portal AccessibleSection 11-14
CHECK_033DSR Form AvailableSection 11-14
CHECK_071Contact Person Prominently PublishedSection 8(9), Rule 9
CHECK_076Data Sharing Identity DisclosureSection 11(1)(b)
CHECK_077Rights Exercise Means PublishedRule 14(1)(a)
CHECK_078Identifier for Rights RequestsRule 14(5)
CHECK_083Contact Person Prominent on HomepageSection 8(9), Rule 9
CHECK_094Dark Patterns in Rights FlowSection 13(1), Section 6(4)

SDF

IDCheckProvisionSignal
CHECK_059SDF Status DisclosureSection 10
CHECK_060Data Protection OfficerSection 10(2)

Security

IDCheckProvisionSignal
CHECK_043HTTPS EnabledSection 8(5)
CHECK_044Security SafeguardsSection 8(5)
CHECK_045Encryption DisclosureSection 8(5), Rule 6(1)(a)
CHECK_046Access ControlsSection 8(5), Rule 6(1)(b)
CHECK_047Security Policy PublishedSection 8(5)
CHECK_048Data Protection MeasuresSection 8(5), Rule 6(1)(g)
CHECK_084Log Retention Period (1 Year)Rule 6(1)(e)
CHECK_085Backup and Recovery MeasuresRule 6(1)(d)
CHECK_086Security Monitoring DisclosureRule 6(1)(c)
CHECK_107Vulnerability Disclosure ProgramSection 8(5), Rule 6(1)(c)security