Barracuda Privacy Mapping: India

This guide is designed to help Customers map Barracuda’s Privacy Documentation to the relevant requirements under India’s Digital Personal Data Protection Act (DPDP). Customers may use this tool to streamline internal assessments, validate regulatory alignment, and better understand how Barracuda’s security, privacy, and data-processing practices relate to DPDP expectations. This guide is not legal advice or contractual guarantees. Customers should obtain advice from their own attorney. Please direct questions to privacy@barracuda.com.

India’s DPDP Requirement	Barracuda Privacy Documentation
Notice & Consent (Sections 5-6)	Barracuda provides a privacy notice, a global data processing addendum, and obtains necessary processing consent. See Barracuda’s Privacy Notice, Barracuda’s Global DPA (Sec. 3), and Barracuda’s Legal Homepage.
Security Safeguards (Section 8, Rule 6)	Barracuda has security safeguards in place. ISO and SOC2 Type II Certifications are available on the Trust Center. See Security Certifications.
Data Subject Rights (Sections 11-13)	Barracuda supports Data Subject’s Rights Requests (e.g. Access, deletion, correction). See Barracuda’s Privacy Notice (Sec. 6) and Barracuda’s Global DPA (Sec. 7).
Breach Notification (Section 8, Rule 7)	Barracuda’s incident response practices align with the local notification obligations and timeframes. See Barracuda’s Global DPA (Sec. 8).
Cross-Border Transfers (Section 17, Rule 15)	Barracuda uses contractual safeguards for cross-border transfers and offers cloud storage for applicable products in Indian data centers. See Barracuda’s Global DPA (Sec. 12) and Barracuda’s Product Guides.
Significant Data Fiduciary Obligations (Section 10, Rule 13)	Barracuda is not designated as a Significant Data Fiduciary.
Processor Commitments (Section 8)	Barracuda Sub-processors can only process data under documented instructions and must follow breach notification requirements, data subject rights, and audits. See Barracuda’s Global DPA (Sec. 6).