Per-route summaries · DRMLAW pages
drmlaw.in/ · Landing
A two-portal landing page. Visitors choose between the litigation practice (/legal) and the techno-legal practice (/technolegal). Brand: DRMLAW · Counsel. Compliance. Evidence.
drmlaw.in/legal · D.R. Mukherjee & Co. Advocates
The traditional litigation, advisory and transactional counsel practice. Appears before the Hon'ble High Court at Calcutta, the Supreme Court of India and arbitral tribunals. Practice areas include corporate & commercial, intellectual property, technology & cyber law, criminal & white-collar defence, real estate & RERA. Pan-India representation through an associated counsel network. /legal.
drmlaw.in/legal/founder · Dipak Ranjan Mukherjee
Founder profile for Dipak Ranjan Mukherjee — Founder Partner, D.R. Mukherjee & Co. Advocates; co-founder, DRMLAW LLP. Advocate at the Hon'ble High Court at Calcutta (30+ years); appearances before the Supreme Court of India, NCLT and arbitral tribunals. C.DPO.DA (FDPPI); AI Governance Aware; CyberLaw Certified (CCLP). Advises boards on DPDPA governance, algorithmic accountability and regulatory risk before the Data Protection Board of India. /legal/founder · LinkedIn.
drmlaw.in/legal/probono · Pro bono & access-to-justice
The firm's pro bono mandates and access-to-justice initiatives — representation for under-resourced litigants, structured legal-aid clinics and policy submissions. /legal/probono.
Direct contact page for the litigation practice — Kolkata HQ, Salt Lake office and Bengaluru desk, telephone, email and a BCI-compliant enquiry form. /legal/contact.
drmlaw.in/resources · Knowledge Hub
A curated, free knowledge hub covering DPDPA 2023, Section 65B / Bharatiya Sakshya Adhiniyam, IT Rules 2021, MSME compliance and sector deep-dives. Used by GCs, DPOs and engineering leaders. /resources.
drmlaw.in/technolegal · DRMLAW LLP Techno-Legal hub
The techno-legal practice's home — DPDPA 2023 compliance, DPO-as-a-Service, corporate privacy training and court-admissible digital forensics, with named offerings, sector deep-dives and contact. /technolegal.
drmlaw.in/technolegal/about · About DRMLAW LLP
The full founding narrative — two-lens framing: Dipak (Founder Partner, D.R. Mukherjee & Co.; co-founder DRMLAW LLP) brings 30+ years at the Calcutta High Court, Supreme Court of India, NCLT and arbitral tribunals plus C.DPO.DA · AI Governance Aware · CyberLaw (CCLP). Rupak (Founder Partner, DRMLAW LLP) brings 25+ years of Oracle Cloud Infrastructure (OCI) engineering leadership and led Privacy Engineering for an internal Oracle division in Europe through live GDPR implementation in the UK (2018) — consent re-architecture, data mapping across 40+ vendor systems, breach response, board-level reporting. /technolegal/about. Full content above in the About section.
drmlaw.in/technolegal/dpdpa · DPDPA compliance — beyond the checkbox
Eyebrow: Beyond the checkbox. Headline: GRC software tracks your data. DRMLAW carries your liability. DRMLAW does not sell GRC platforms or security software. A platform generates a checkmark; it cannot speak for the organisation when a breach happens, an AI pipeline leaks data, or the Data Protection Board of India sends a Section 27 notice. The statutory penalty cap is ₹250 crore per instance for failure of reasonable security safeguards. DRMLAW assesses the business, recommends and coordinates the right technology partners, governs AI usage, trains staff, and represents clients before regulators. Page sections: (1) Hero with self-assessment + speak-to-our-team CTAs; (2) Core philosophy — software is a tool, we are accountable for the outcome; (3) Comparison table "Where software stops, our work begins" — GRC software handles data mapping, automated checklists and vendor risk flagging; DRMLAW additionally handles business-specific risk assessment, independent technology stack selection, AI governance, legal risk judgement, contract & SLA realignment, court-admissible evidence formatting (Bharatiya Sakshya Adhiniyam), workforce privacy training, and representation before the Data Protection Board of India; (4) How we work in six disciplines — business ecosystem assessment, independent technology stack selection, AI governance, contractual & vendor governance, programme management & privacy culture training, forensic readiness & regulatory defence; (5) Roles we fill — Data Protection Officer (DRMLAW as external statutory DPO under Section 10), Chief AI Officer (DRMLAW can serve as or advise), Chief Information Security Officer (DRMLAW guides toward a Virtual CISO or helps you hire one — does not place a CISO directly), Legal Counsel (practising advocates, not a handoff); (6) Three engagement tiers — Service Pack (fixed scope, fixed timeline, fixed fee), Service Pack + DPO-as-a-Service (Section 10 statutory DPO with board reporting), Platinum (full programme; AI Governance + Security Guidance + Advanced Compliance — DRMLAW does not sell security software); (7) Privacy by Design — built in, not on; (8) Sectors served — Educational Institutions, Healthcare Providers, Financial Services & NBFCs, Retail & E-commerce, Professional Services Firms; (9) Pull quote: "A dashboard cannot attend a Data Protection Board hearing. When the statutory cap is ₹250 crore, compliance requires legal judgement, the right technology, and a workforce that understands its role — not just a green checkmark."; (10) Founder credentials — Dipak Ranjan Mukherjee (Advocate Calcutta HC, C.DPO.DA FDPPI, 30+ years) and Rupak Ranjan Mukherjee (C.DPO.DA FDPPI, GDPR UK 2018 live programme, ex-Oracle OCI, ex-TCS); (11) 23-question FAQ across four categories — model, roles, law, engagement; (12) Resources strip — Self-Assessment, Executive Briefing Video, Education Sector Deep-Dive, Consent-Logging Mechanics; (13) Footer CTA — "Don't wait for a breach or a regulator's notice to find the gap in your compliance." Phone +91 98311 61839, email Info@drmlaw.in, offices Kolkata HQ (7A K.S. Roy Road), Salt Lake, Bengaluru (HSR Layout). BCI disclaimer: this page is general information about the firm and the DPDPA, 2023; it is not legal advice and does not constitute advertising or solicitation. /technolegal/dpdpa.
drmlaw.in/technolegal/dpdpa/insights · DPDPA sector-specific insights
A tile-grid catalog of DPDPA insights for institutional readers. Includes the Education sector deep-dive (Section 9 parental consent, LMS vendor due diligence, biometric attendance), the CBSE OSM portal / private universities analysis (Sections 8(5), 9, 10, 17(2)), the Indian retail jewellery DPDPA exposure analysis (KYC, in-store CCTV, loyalty programmes, gold-loan customer data, WhatsApp marketing), the consent-logging mechanics technical brief, the RBI · SEBI · IRDAI sector-overlay map and the anonymised engagement patterns. The board-level executive briefing video is intentionally excluded and lives at drmlaw.in/watch. /technolegal/dpdpa/insights.
drmlaw.in/technolegal/dpdpa/offerings · DPDPA engagement tiers
Three named engagement tiers: (i) DPDPA Compliance Service Pack — finite, project-scoped, fixed scope / timeline / fee; (ii) Service Pack + DPO as a Service — adds a continuous external Data Protection Officer with Section 10 statutory designation and board-level reporting; (iii) Platinum — top-tier enterprise engagement adding AI Governance & Algorithm Auditing, Security Threat Intelligence guidance, PETs, PIA/DPIA integration in the SDLC, cross-border transfer assessments, monthly board briefings, on-call SOC liaison and certification readiness (NIST Privacy Framework, ISO/IEC 31700, ISO 27701). /technolegal/dpdpa/offerings.
drmlaw.in/technolegal/dpdpa/enterprise · DPDPA · Enterprise & SDF engagement
The institutional delivery page for Significant Data Fiduciaries and large enterprises. Frames Dipak's regulatory authority (Advocate, Calcutta HC · C.DPO.DA · AI Governance · CCLP · DPB advisory and appellate practice) and Rupak's planet-scale engineering (25+ years in the Oracle Cloud Infrastructure ecosystem · GDPR UK 2018 · NIST AI RMF · ISO/IEC 42001) as two halves of one mandate — signed under a single letter of engagement, accountable to one board. Explicitly positioned against the separate-legal-advisor + systems integrator model. DRMLAW is the only Indian techno-legal practice where both founding partners hold concurrent C.DPO.DA certification from FDPPI — meaning a single firm can provide the statutory DPO appointment, the independent data audit, the engineering programme to implement controls, and the litigation representation before the Data Protection Board — without handoff risk. /technolegal/dpdpa/enterprise.
drmlaw.in/technolegal/dpdpa/sector-overlays · DPDPA × RBI · SEBI · IRDAI overlays
How the DPDPA, 2023 folds into the three Indian sector-regulator regimes that institutional Data Fiduciaries face concurrently. RBI — Master Direction on Outsourcing of IT Services (Apr 2023) · Master Direction on Information Technology Governance (Nov 2023) · Cyber Security Framework · Digital Lending Guidelines · 2018 payment-data localisation circular. SEBI — Cybersecurity and Cyber Resilience Framework (CSCRF, Aug 2024) · LODR Regulation 30 material-event disclosure · SEBI (Intermediaries) Regulations. IRDAI — Information and Cyber Security Guidelines (Apr 2023) · Maintenance of Insurance Records Regulations · Web Aggregators Regulations. The page maps where DPDPA Section 8(6), Section 8(7), Section 10, Section 11 and Section 16 touch each sector regime, and includes a 5-topic overlap matrix (breach intimation · vendor / processor controls · board oversight · cross-border transfer · AI / algorithmic decisioning). One coordinated programme, not three parallel workstreams. /technolegal/dpdpa/sector-overlays.
drmlaw.in/technolegal/dpdpa/case-studies · Engagement patterns (anonymised)
Three anonymised, BCI-safe engagement patterns showing how a DRMLAW techno-legal mandate is scoped. Pattern 01 — Multi-region OCI SaaS Data Fiduciary: a B2B SaaS company processing data of millions of end-users, approaching Significant Data Fiduciary designation under Section 10; OCI tenants in IN-Mumbai, US-Phoenix, EU-Frankfurt; 40+ third-party SaaS systems; Section 16 cross-border posture + CERT-In 2022 Direction. Pattern 02 — Listed-entity NBFC at the RBI / SEBI / DPDPA seam: NBFC listed on Indian exchanges within scope of RBI Digital Lending, RBI Outsourcing Master Direction, SEBI CSCRF (Aug 2024), LODR Regulation 30 and DPDPA — one ransomware event firing four coordinated notifications from a single triage. Pattern 03 — General insurer with cross-border reinsurance: reconciling DPDPA Section 16 with the IRDAI Maintenance of Insurance Records localisation rule; TPA contract reform under Section 8(7) + IRDAI outsourcing; triple-notification breach playbook (DPDPA 8(6) + CERT-In 2022 + IRDAI); claims-decisioning AI governance under Section 11 + IRDAI responsible-AI + NIST AI RMF + ISO/IEC 42001. Each pattern lists profile, mandate, regulatory seam, five workstreams, artefacts produced and the statutory anchor. No client identities, fee figures or matter outcomes are disclosed. /technolegal/dpdpa/case-studies.
drmlaw.in/technolegal/dpdpa/board-deck · Two-page print-ready board deck
A two-page, A4-landscape, print-optimised board deck designed to be saved as a PDF and handed to a board chair before a sign-off. Page 1 · Why this firm. Masthead with prepared-on date. USP lede: "One firm. One mandate. One accountable signature." — every DPDPA workstream (discovery, consent architecture, AI governance, vendor contracts, breach response, regulator-facing representation) is signed by the same firm, with the FIRM_SIGNAL combined-credential paragraph embedded as the institutional anchor. Section A · "Where software stops, our work begins" — the full 11-row software-vs-DRMLAW comparison table showing that GRC platforms handle data mapping, automated checklists and vendor risk flagging, while business-specific risk assessment, independent technology stack selection, AI governance, legal risk judgement, contract & SLA realignment, BSA-admissible evidence formatting, workforce privacy training and DPB representation are DRMLAW-only. Section B · End-to-end programme management in six signed steps — 01 discovery & risk posture · 02 independent technology stack · 03 AI governance & algorithmic accountability · 04 contract & vendor governance · 05 programme management & training · 06 forensic readiness & regulatory defence — each card naming what the lead partner signs at that step. Page 2 · Who delivers & where it applies. Section C · the full 9-credential stack mapped to DPDPA sections; Section D · the three sector-regulator overlays (RBI · SEBI · IRDAI) with flagship instruments and DRMLAW's combined-regime approach; Section E · five board-chair FAQs (single-firm vs dual-vendor · IT-consulting-firm limits · SDF threshold exposure · concurrent RBI/SEBI/IRDAI reporting · what "end-to-end" actually means). Closing band — "Enterprise DPDPA is not a procurement question. It is a single-mandate question." — and contact details. BCI-compliance footnote on each page. /technolegal/dpdpa/board-deck.
drmlaw.in/credentials · Credentials & Affiliations catalog
Every credential held across the two founding partners as an individual card with the issuer, the holders, the precise DPDPA, 2023 section it answers, and a plain-English explanation. Covers C.DPO.DA (FDPPI · both founders) · Advocate (Bar Council of West Bengal · Dipak) · AI Governance Aware (FDPPI · Dipak) · CyberLaw Certified (CCLP · both) · DPB Advisory & Appellate practice · Oracle Cloud Infrastructure planet-scale engineering · GDPR UK 2018 live programme delivery · NIST AI Risk Management Framework · ISO/IEC 42001 AI management system. /credentials.
drmlaw.in/technolegal/forensics · Digital forensics & Section 65B / BSA evidence
Forensic imaging of disks, mobile devices and cloud workloads; chat & email authentication; insider-threat investigations; expert witness testimony. Every deliverable certified under Section 65B of the Indian Evidence Act and the Bharatiya Sakshya Adhiniyam, 2023, with chain-of-custody and authentication aligned to current Supreme Court jurisprudence (including Arjun Panditrao). /technolegal/forensics.
drmlaw.in/technolegal/training · Corporate privacy training
Role-specific learning journeys — board briefings, engineering workshops, marketing & HR sessions and breach-response tabletop drills. Content covers the DPDPA 2023, Privacy by Design, consent and Data Principal request workflows, and real Indian enforcement precedent. /technolegal/training.
drmlaw.in/technolegal/dpdpa/tools/self-assessment · DPDPA self-assessment
A free, anonymous 60-second DPDPA readiness diagnostic for Indian businesses. No login. Short alias: drmlaw.in/assess. Canonical: /technolegal/dpdpa/tools/self-assessment.
drmlaw.in/technolegal/dpdpa/tools/briefing-video · DPDPA executive briefing
An executive briefing video for boards and business owners — what the DPDPA, 2023 means for an Indian Data Fiduciary, what is mandatory, what is discretionary and what the realistic timeline to compliance looks like. Short alias: drmlaw.in/watch. Canonical: /technolegal/dpdpa/tools/briefing-video.
drmlaw.in/technolegal/dpdpa/tools/sector-education · Educational Institutes deep-dive
A sector deep-dive for schools, universities and EdTech operators — parental consent under Section 9 of the DPDPA, LMS vendor due diligence, biometric attendance, cross-border SaaS, and bug-bounty programmes as a compliance control. Short alias: drmlaw.in/education. Canonical: /technolegal/dpdpa/tools/sector-education.
drmlaw.in/about · Firm overview
Shared About page covering the heritage and structure of the two-firm practice — D.R. Mukherjee & Co. Advocates (litigation) and DRMLAW LLP (techno-legal), the office network across Kolkata and Bengaluru, BCI-compliant ethical posture and a summary of how mandates are routed between the two practices. /about.
drmlaw.in/cookie-policy · Cookie & site-data policy
The firm uses only essential local storage to remember disclaimer acknowledgment and cookie choice. No third-party analytics or advertising trackers are loaded today. /cookie-policy.
© DRMLAW. Bound by attorney–client privilege and Bar Council of India ethical norms. This page is general information about the firm and the Digital Personal Data Protection Act, 2023; it is not legal advice.
