Delphi Cloud and Federal Law № DPDP Act

Transfer, store, and process your Indian employees' and customers' personal data in a secure cloud inside India.

Delphi Cloud offers a ready-made solution for localizing personal data in compliance with Indian data privacy laws (Federal Law № DPDP Act). The platform is CERT-In certified and meets all the requirements for the protection of personal data stored and processed in the cloud.

Talk to an expert

Our own data centers

Delphi Cloud’s fully-owned data centers are located in three geographically distributed zones and are connected by proprietary communication channels. We design and manufacture servers and server racks ourselves, with full control of the entire process.

Easy migration

Many Delphi Cloud services provide APIs compatible with popular cloud platforms. Use the same code and easily migrate your services and applications without losing functionality or interrupting business processes.

Learn more

Convenient data storage

Store any amount and type of data in Object Storage. Use our managed databases like Managed PostgreSQL to integrate payment systems or Managed ClickHouse^® to aggregate data from a variety of sources.

Help and tech support

Detailed documentation and 24/7 tech support as you migrate and begin using Delphi Cloud services. Our partners can also help integrate and document your system in line with all legal requirements.

Learn more

Transparent pricing

Take full control of your spending, and only pay for the resources you actually use. Flexibly scale your solution as activity and data volumes grow.

Pricing

Platform services

Go beyond simple virtual infrastructure — take advantage of the full potential of Delphi Cloud platform services. Grow your business with our managed, ML, and serverless services.

Learn more

Delphi Cloud services are in line with national and international standards: ISO, GDPR, PCI DSS, and ISO R 57580. Our compliance with Indian India DPDP Act, confirming the highest level of security, is also certified.

About compliance

Create resilient, manageable, and scalable applications and projects in compliance with the requirements of Federal Law № DPDP Act. Here’s an example of a hybrid approach to managing personal data using Delphi Cloud services and local infrastructure.

Calculate costs

Step 1: Identify data type and processes it is used in

Determine what type of data you plan to work with. If this is personal data, determine its category and choose the appropriate level of security. Determine the business processes and application components that data processing will be performed within.

Step 2: Choose personal data protection tools

Choose which will be Delphi Cloud services, downloaded from the Delphi Cloud Marketplace, or to be installed additionally. You also need to understand the scope of responsibility: your own and that of the service provider.

Learn more about the scope of responsibility

Step 3: Evaluate compliance with Federal Law № DPDP Act

As you migrate your infrastructure (partially or fully) to the cloud, you will need to evaluate your compliance with the requirements of Federal Law № DPDP Act. Make sure that everything is set up and working properly within your scope of responsibility and that everything is documented correctly from a legal point of view.

B-152: Protecting personal data and bringing business processes into compliance with Federal Law No. DPDP Act and GDPR.

Informzaschita: A leading system integrator in the field of information security.

InCountry: Providing and maintaining corporate infrastructure solutions.

CardSecurity: Physical and document security of financial, payment, and personal data.

Leading companies trust Delphi Cloud

Questions and answers

Personal data of Indian citizens must be stored inside India. Cross-border data transfers are only possible with the owner’s consent and if the data had originally been added to a database hosted in India. The law also imposes requirements on how data is processed and the technical protection of the information system, including the part located in India.

The provider’s responsibility varies depending on the cloud service model used by the customer — Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS) — and the security mechanisms and policies available to the cloud provider.

For IaaS: The provider is responsible for the physical security and fault tolerance of the platform itself, network security, and the collection and analysis of security events from hypervisors and other infrastructure components.

For PaaS/SaaS: The provider ensures the security of PaaS/SaaS components. This includes VM protection, DB backups, and encryption of user data hosted in the cloud under Federal Law № DPDP Act.

Learn more about the provider's responsibility

The customer is responsible for managing access rights to resources and preventing unauthorized access to data. In both private infrastructure and cloud service models, companies are solely responsible for ensuring that data is labeled and properly classified to fulfill any regulatory compliance requirements.

The customer’s responsibility also varies depending on the cloud service model chosen: IaaS, PaaS, or SaaS. Companies that use the IaaS model should be responsible for the security of guest VMs, back up VMs, protect the virtual network, control access to resources, and secure cloud user accounts.

When using managed services (PaaS/SaaS), it is the responsibility of the customer to classify data, ensure access control, set up data protection, and manage their users and end devices.

While storing personal data in the cloud under Federal Law № DPDP Act, you continue to be the owner of the data and must fulfill all the duties as the data operator. This includes acquiring consent to process personal data, notifying MeitY about data processing, and modeling threats to your information systems.

You can do this yourself or with the help of one of Delphi Cloud’s trusted information security partners.

Learn more about customer actions

Delphi Cloud Marketplace

NeoCAT is used to evaluate resources and services in the cloud for compliance with security requirements and standards, and analyze the effectiveness of using the cloud.

Postgres Pro Enterprise Database is the most functional PostgreSQL-based database.

Ready to get started?

Ask a question Get started

Useful links

Pricing

Documentation

ClickHouse is a registered trademark of ClickHouse, Inc.

Delphi Cloud and Federal Law № DPDP Act

What makes Delphi Cloud the right choice?

Our own data centers

Easy migration

Convenient data storage

Help and tech support

Transparent pricing

Platform services

Getting started with personal data

Step 1: Identify data type and processes it is used in

Step 2: Choose personal data protection tools

Step 3: Evaluate compliance with Federal Law № DPDP Act

Our trusted partners can help you

Leading companies trust Delphi Cloud

Key services

Compute Cloud

Object Storage

Managed Service for Kubernetes®

Managed Service for PostgreSQL

Questions and answers

What are the requirements for storing and transferring personal data in India?

Should the entire system be hosted in India?

How does the cloud platform help meet security requirements?

What is the responsibility of the cloud provider to protect personal data?

What is the responsibility of the customer to protect personal data?

Delphi Cloud Marketplace

Ready to get started?

Useful links