This paper analyzes the requirements for personal data breach notification under India’s Digital Personal Data Protection Act, 2023[1] (the DPDPA) and provides a discussion draft template policy for assessing privacy and security incidents to determine if they trigger these notification requirements.