Next batch starts 01 Jun 2026  ·  Last date to apply: 31 May 2026  ·  Fee: ₹5,750 + GST  ·  Online · 3 Months

Home Courses Certificate in Data Protection Law
Asian School of Cyber Laws

Certificate in Data Protection Law

The right place to start. Data privacy is one of the fastest-growing legal and compliance fields in India. This 3-month online course gives you the foundational knowledge of the DPDP Act 2023 and global privacy law — and shows you whether this is the career you want to build.

Expert Course Mentor: Vasanthika Srinath | ASCL Mentor: Gokul Narayan
FoundationEntry level
3 MonthsDuration
OnlineSelf-paced
Open Book100-mark exam
EnglishLanguage
01 Jun 2026Batch starts
₹5,750
+ GST
Ready for the professional course? See the CDPO programme →
Overview Curriculum The Market Interview Prep Who Is It For Faculty Next Step Enrol
Before you enrol

Data privacy is not just a compliance checkbox. It is a career.

Five years ago, "Data Protection Officer" was not a job title most people had heard of. Today it is a statutory role under Indian law. The DPDP Act 2023 requires every Significant Data Fiduciary to appoint one — and every other organisation processing personal data to assign someone who understands these obligations.

This course is for people who want to find out if that person could be them. It covers the DPDP Act, key global privacy frameworks, and the core concepts every compliance professional in this field must understand. It is a foundation — not the full building. But the right foundation changes what you can build next.

If after completing this course you decide this is the field you want to work in seriously, the Certified Data Protection Officer programme is the next step. It is built for exactly that transition.

The CDPO programme — India's most advanced DPO qualification with live platform access — is open for early bird enrolment at ₹25,000 + GST until 15 Jun 2026. See the CDPO programme →

Course details

At a glance

Duration
3 Months
Level
Foundation
Fee
₹5,750 + 18% GST
Next Batch
01 Jun 2026
Last Date to Apply
31 May 2026
Assessment
100-mark open-book online exam
Passing Criteria
Minimum 40%
Certificate
ASCL Certificate on completion
Course curriculum

What this course covers

This course covers Indian data protection law in full — the DPDP Act 2023, its rules, key obligations, and how it connects to global frameworks like the GDPR. It is designed for people with no prior legal background as well as professionals who need to formalise their understanding.

01
Indian Law Relating to Data Protection and Privacy
The DPDP Act 2023 from first principles — its structure, its definitions, and why it was passed. Who it applies to, what it regulates, and what it does not cover. How it connects to the broader legal landscape of digital rights in India.
02
Lawful Processing of Personal Data
What makes processing lawful under the Act — consent, legitimate use, and the specific conditions under which each applies. When consent is required, what it must look like, and what withdrawal means in practice. How the Act's plain-language and itemised-notice requirements work.
03
Rights and Duties of Individuals (Data Principals)
What rights a Data Principal holds under the Act — access, correction, erasure, grievance redressal, and nomination. What duties they carry in return. How the 90-day grievance window works and what happens when it is not met.
04
General Obligations of Data Fiduciaries
What every organisation processing personal data must do — notice requirements, purpose limitation, data minimisation, accuracy, security safeguards, and breach notification. The statutory language: "irrespective of any agreement to the contrary" and what it means for accountability.
05
Cross-Border Data Transfers
How the Act governs the transfer of personal data outside India — which countries are permitted destinations, what documentation is required, and how this connects to global frameworks. The Government's power to restrict transfers and how this is expected to develop post-2027.
06
Government Exemptions
The specific exemptions granted to the Government of India for data collection and processing — where they apply, where they do not, and what they mean for compliance practitioners advising public sector or regulated entities.
23L+
Indian entities legally required to comply with the DPDP Act
25,000
Trained data privacy professionals currently in India
May 2027
The deadline. Not a suggestion.

India has over 23 lakh entities legally required to comply with the DPDP Act and fewer than 25,000 trained privacy professionals to serve them. The gap between what the law requires and the workforce available to deliver it is the largest regulatory talent shortage in Indian corporate history. The professionals who get qualified now will be the ones organisations turn to when the deadline hits.

Career readiness

The questions they will ask you. The answers you will know.

Data privacy roles are being created faster than qualified professionals can fill them. Knowing the law is half the preparation. Knowing how to present that knowledge in an interview is the other half. These are the questions hiring managers ask — and the answers this course prepares you to give.

Q1: How do you apply data protection law in real-world cases?
You identify the processing activity, determine the applicable legal basis under the DPDP Act, check whether the data subject's rights are being properly respected, and verify that appropriate security measures are in place. In practice this means mapping data flows, reviewing consent mechanisms, and ensuring breach notification procedures exist and are tested.
Q2: What is the difference between a Data Fiduciary and a Data Processor under the DPDP Act?
A Data Fiduciary determines the purpose and means of processing personal data. A Data Processor processes data on behalf of a Fiduciary. The critical point is that the Fiduciary remains liable regardless of processor conduct — "irrespective of any agreement to the contrary" is the statutory language. Understanding this distinction is essential for both employed DPOs and external consultants.
Q3: What must a Data Fiduciary do when a data breach occurs?
Notify the Data Protection Board as soon as possible — the Rules specify a 72-hour window. The notification must describe the nature of the breach, the data affected, the likely consequences, and the remedial measures taken. Affected Data Principals must also be informed where the breach is likely to harm them.
Q4: When can personal data be transferred outside India?
Only to countries notified by the Central Government as permitted destinations, or in accordance with the specific consent and contractual requirements set out in the Rules. The Act gives the Government broad power to restrict or condition cross-border transfers, and these restrictions are expected to develop further post-2027.
Q5: What is the maximum penalty under the DPDP Act and what triggers it?
Up to ₹250 crore for failing to implement adequate security safeguards resulting in a data breach. Up to ₹200 crore for failing to notify the Board of a breach. Penalties are not automatic — the Data Protection Board adjudicates — but the amounts are significant enough that organisations are taking compliance seriously well in advance of the deadline.
Fit

Who should take this course — and who should not

✓  This course is for you if

  • You are a lawyer or law student who wants to build data privacy into your practice
  • You are a compliance professional who needs to formalise your understanding of the DPDP Act
  • You are an HR, IT, or operations professional who has been asked to manage privacy obligations in your organisation
  • You are exploring data privacy as a career change and want a structured, expert-led introduction
  • You want to understand the CDPO programme before committing to the advanced course
  • You have no prior legal background — the course is written to be understood by non-lawyers

✗  This course is not for you if

  • You need a tool-based or hands-on compliance programme — that is the CDPO course
  • You need certification for active DPO practice — this course provides the foundation, not the full professional qualification
  • You need in-depth coverage of global law frameworks — this course focuses on Indian law with global context, not global law in depth
  • You need a credential to present to a Significant Data Fiduciary as a qualified DPO
If you need the full professional DPO qualification with platform access, 16 modules, and 362 controls across 23 jurisdictions — that is the CDPO programme.  See the CDPO programme →
The people behind the programme

Built and mentored by practitioners

Expert Course Mentor
Vasanthika Srinath

Founder and Managing Partner at Arnava Legal. Certified FIP (CIPPE, CIPM) and CDPO with nearly three decades of expertise in technology law, data protection, and AI regulation. Former Global VP and DPO at Concentrix. Has led major GDPR and DPDPA compliance initiatives and continues to advise organisations on privacy and regulatory strategy.

Connect on LinkedIn
ASCL Mentor
Gokul Narayan

CEO of Asian School of Cyber Laws. Has trained over 150,000 participants — including law professionals, IT experts, and compliance teams — across 50+ universities and organisations. A respected figure in legal moot courts, mediations, and negotiations. The person who has put ASCL's content in front of more professionals than anyone else in India's cyber law space.

Connect on LinkedIn

Start here.
The deadline is real.

The next batch starts 01 Jun 2026. The last date to apply is 31 May 2026. Enrolment is online and takes under five minutes.

If you are considering the CDPO programme but want to be certain data privacy is the right field for you first, this is the right place to start. The Certificate course covers the legal foundations. The CDPO programme — which starts 1 Jul 2026 — takes you all the way to professional practice.

  • Full 3-month online curriculum covering the DPDP Act 2023
  • Lawful processing, Data Principal rights, Fiduciary obligations
  • Cross-border transfers and government exemptions
  • Interview preparation — 5 real-world Q&As with model answers
  • 100-mark open-book online exam
  • Minimum 40% to pass
  • ASCL Certificate on successful completion
  • GST invoice on request
₹5,750
+ GST
  • Next batch01 Jun 2026
  • Last date to apply31 May 2026
  • Duration3 months
  • FormatOnline · Self-paced
  • Full DPDP Act 2023 curriculum
  • 2 hours on-demand video lessons
  • Exclusive digital courseware
  • Open-book exam — attempt when ready
  • Printed, verifiable ASCL certificate
  • GST invoice on request
Already know this is the field for you? The CDPO programme is open for early bird enrolment at ₹25,000 + GST until 15 Jun 2026. See the CDPO programme →
Where this leads

The Certificate course is the beginning. The CDPO programme is the profession.

This course gives you the legal foundation. The Certified Data Protection Officer programme gives you the tools, the platform, the 16-module curriculum, and the credential to practise. If after three months on this course you decide data privacy is your field — the CDPO programme is the next step, and it is designed to take you directly from where this course leaves off.

Certificate in Data Protection Law Certified Data Protection Officer (CDPO)
Level Foundation Professional
Duration 3 months
Fee ₹5,750 + GST ₹35,000 + GST
₹25,000 + GST (Early Bird fee) — closes 15 Jun 2026
vDPO Platform Access No Yes — full access
Curriculum 6 topics — Indian law + global context 16 modules · 362 controls
Jurisdiction Coverage India + global overview 23 jurisdictions · 44+ laws
Outcome Foundation knowledge of data protection law Qualified to practise as a DPO — employed or as a consultant
Enrol in CDPO — Early bird closes 15 Jun 2026 → Early bird fee: ₹25,000 + GST  ·  Course starts 1 Jul 2026
FAQ

Questions answered directly.

Still have a question? Write to us — a real person from the ASCL team will respond.

Who is this course for?
Anyone who wants a structured, expert-led introduction to data protection law in India. Lawyers, compliance professionals, HR and IT professionals, students, and career-changers are all suitable candidates.
Do I need a legal background?
No. The eligibility requirement is higher secondary pass and general internet awareness. The course is written to be understood by non-lawyers.
What is the assessment format?
A 100-mark open-book online exam. The minimum passing score is 40%. You can attempt the exam when you feel ready — there is no fixed exam date.
What certificate will I receive?
A Certificate in Data Protection Law from Asian School of Cyber Laws on successful completion. The certificate is printed and verifiable.
Is this enough to practise as a DPO?
No. This course gives you the foundation. To practise as a DPO — employed or as a consultant — you need the CDPO programme, which covers the full 16-module professional curriculum with live vDPO platform access.
How does this course connect to the CDPO programme?
Directly. The Certificate course covers the legal foundations. The CDPO programme begins where this course ends — and adds the advanced obligations, platform tools, and cross-jurisdiction coverage that professional practice requires. Many students use the Certificate course to confirm this is the right field before committing to the CDPO programme.
Is a GST invoice available?
Yes. Note it at enrolment and a GST invoice will be provided.

Join Now!

Step 1: Make Payment
Step 2: Application Form

Next batch: 01 Jun 2026.

Last date to apply: 31 May 2026. Online · 3 months · Open-book exam.

₹5,750 + GST