Personal data in your database: masking and encryption for DPDP
The website is where data enters; the database is where it lives. A practical guide to finding personal data in your schema and deciding what to encrypt, mask, and delete.
- Who this is for
- Developers and DB admins
- What you leave with
- A column-level plan: encrypt, mask, hash, delete
Most DPDP conversations stop at the website: notices, banners, consent. But Section 8(5) and Rule 6 - reasonable security safeguards, and the Act's largest penalty cap - live mostly in your database. This is the practical version of that work.
Start with an inventory, not a tool
List every table and column that holds personal data: names, contacts, addresses, dates of birth, government identifiers, payment details, device identifiers, and the free-text fields where personal data hides. Column names get you most of the way - our Data map automates exactly this pass from your schema structure, without ever seeing the data itself.
Encrypt by sensitivity, not by habit
Disk-level encryption is table stakes. For high-sensitivity columns - government IDs, financial details, anything health-related - add application or column-level encryption so a leaked backup or a curious insider reads nothing useful. Keep keys out of the database they protect.
Mask where humans look
Most real leaks are screenshots, logs, and support tools. Mask personal data wherever people see it routinely: last four digits in the admin panel, hashed identifiers in analytics, and scrubbers on application logs. If your logs contain phone numbers today, that is your first ticket.
Hash what you only compare
Passwords are the obvious case - salted hashes only, never reversible. The same logic fits any value you only ever check for equality.
Delete on schedule
Section 8(7) expects erasure once the purpose is served, and Rule 8 adds fixed retention classes for larger fiduciaries. Retention has to be a column-level decision - an order address and a marketing preference do not deserve the same lifetime. Automate the deletion and log that it ran.
Prove it later
Keep the inventory, the encryption decisions, and the deletion logs. If the Data Protection Board ever asks, the difference between a good day and a bad one is whether this exists in writing.
Map your own schema in about a minute - structure only, never data - with the Data map, or start from the wider picture on the DPDP answers page.
See where your website stands
Free readiness check in about a minute. No card, no signup, no code to install.