DPDP for agencies (India): client-territory playbook
- Connect day-to-day workflows to what you collect, disclose, and retain—on real user journeys.
- Review forms, integrations, and vendor access on a real journey.
- Document decisions so sales and product do not contradict support.
- When stakes are high, verify wording against official resources.
- Use the compliance portal to pick the next operational drill.
Agencies process clients’ customers’ data while controlling martech, drives, and contractor access. DPDP turns vague MSAs into questions about subprocessors, purpose limitation, and provable deletion on churn. Pair with DPA review, vendor checklist, and marketing team norms.
30-day playbook
- Week 1 — Territory audit: List client workspaces (Meta, Google, ESP, CDP). Remove shared “test” audiences.
- Week 2 — MSA alignment: Subprocessors, deletion SLAs, India data handling—match roles to ops.
- Week 3 — Contractors: Set access tiers; ban raw list downloads to personal devices as a policy-wide rule.
- Week 4 — Offboarding script: Client churn checklist—exports deleted from Figma, Loom, Slack Connect.
Lifecycle
- BD: Your own prospects—not mixed with client warehouses.
- Ingest: Lists, creatives with PII in comments, UGC rights.
- Execute: Day-to-day campaigns; experiments that duplicate audiences.
- Exit: Stale exports in personal Downloads and “archive” drives.
Martech grid
| Layer | Govern | Questions |
|---|---|---|
| Ads / CAPI | Pixels, catalogs, offline imports | Client consent vs your enrichment; audience overlap across brands |
| ESP / CRM | Journeys, suppressions | Sync latency after unsubscribe; shared IP pools? |
| Collaboration | Notion, Figma, Slack Connect | PII in comments; guest access expiry |
| Reporting | BI templates | Accidental unions of client datasets |
Disclosure: Categories for planning; we do not sell top placements. Tool comparisons may later include affiliate labels per editorial policy.
Consent & notice
- Client site vs your processing: Enrichment may exceed what their notice describes.
- Inherited dark patterns: Push back on briefs that over-contact users.
- Co-mingled analytics: One GA property across brands blurs boundaries.
Failure modes
- Intern exports for speed.
- Long-lived QA audiences with real phones.
- White-label sites missing your notice path.
Illustrative hypothetical (fiction, not factual): “NorthRiver Digital” debugs a Klaviyo sync by downloading a suppressed list to a personal sheet. Months later another client’s campaign reuses a tab template and overlaps emails. Fix: client-scoped workspaces, expiring links, and MSAs that name subprocessors—territorial discipline, not another consent banner.