How is the DPDP Act relevant to customer experience?

The Digital Personal Data Protection Act 2023 requires explicit consent, purpose limitation and grievance redressal for personal data handling. Compliant processes — clear consent banners, easy data-correction requests and a published grievance officer — improve trust and become a competitive advantage.

What metrics should an SME track for customer-centricity?

Net Promoter Score (quarterly), customer effort score on top transactions, first-response time on complaints, 90-day repeat purchase rate and complaint resolution time. Review these monthly with leadership and segment by region and product line.

Are refund timelines regulated in India?

The Consumer Protection (E-Commerce) Rules 2020 require sellers to process refunds within the timelines committed at the time of sale, and to publish their refund policy clearly. For payment-related refunds, RBI guidelines also apply to acquirers and aggregators.

How do I build a single customer view affordably?

Start with a unified inbox tool that aggregates email, WhatsApp Business and chat. Connect it to your CRM via simple integrations. Append payment data through your gateway exports. The objective is one screen per customer — not a fancy platform.

Customer-Centric Approach

Customer-Centric Approach: A Compliance-Aware Playbook for Indian Businesses in 2026

A customer-centric business in India in 2026 organises every function — product, operations, finance and compliance — around one question: does this make the customer's life measurably easier? The answer is no longer just a brand promise. The Digital Personal Data Protection (DPDP) Act 2023, the Consumer Protection (E-Commerce) Rules 2020 and the RBI's digital-lending framework have given Indian consumers enforceable rights. Businesses that treat customer-centricity as both a growth strategy and a compliance obligation will compound trust; those that do not face regulatory action, consumer forum orders and accelerating churn.

What Customer-Centricity Actually Means in 2026

Customer-centricity is not a loyalty programme, a chatbot or a customer-satisfaction tagline on your website. It is the organisational discipline of making decisions from the outside in — starting with the customer's outcome and working backwards into your processes, technology and incentives.

For an Indian business in FY 2026-27, that means confronting a market where ONDC (Open Network for Digital Commerce) lets a buyer compare your pricing with every competitor in real time, where Account Aggregator networks let customers share or revoke their financial data with you instantly, and where a generation that received grocery deliveries in ten minutes now expects support responses in the same window.

Four structural shifts make 2026 different from any prior year:

The DPDP Act 2023 has converted customer data rights from aspiration to enforceable entitlement.
The CCPA (Central Consumer Protection Authority) actively enforces against dark patterns — fake countdown timers, hidden charges, confusing unsubscribe flows.
ONDC-enabled price transparency compresses margin for businesses that compete only on product.
Social media amplification means a single unresolved complaint in a WhatsApp family group of 250 people reaches more potential buyers than a newspaper ad.

Customer-centricity in this environment is operational, measurable and regulated. It is not a slide-deck aspiration.

The Regulatory Floor You Must Meet Before Anything Else

Before you think about NPS surveys or loyalty programmes, get the compliance baseline right. Regulatory lapses are themselves a catastrophic customer experience failure.

DPDP Act 2023: Your Data Obligations as a Data Fiduciary

The Digital Personal Data Protection Act 2023 applies to every entity that determines the purpose and means of processing personal data — that is, to almost every Indian business that collects a customer's name, phone number, purchase history or even a device ID linked to an identifiable person. If you collect it, you are a Data Fiduciary.

What you must operationalise:

Obtain free, specific, informed and unambiguous consent before processing. Pre-ticked boxes and consent buried in terms-of-service do not qualify.
Use data only for the purpose for which consent was given — sending order confirmations does not give you permission to send marketing emails.
Erase personal data once the stated purpose is fulfilled or the customer withdraws consent, unless a separate law (e.g., the Companies Act 2013 or GST rules) mandates retention.
Publish a plain-language privacy notice — one that a Class 8 student can read and understand. Legalese-only notices do not satisfy the Act's intent.
Name a Grievance Officer with published contact details and ensure the channel is actually monitored.
If designated a Significant Data Fiduciary (threshold as notified by the Central Government), appoint a Data Protection Officer and conduct periodic Data Protection Impact Assessments.

Customer rights you must be able to fulfil (Sections 11–13):

Right of access: A customer can ask what personal data you hold about them and how it is used.
Right to correction and erasure: They can require you to correct inaccurate data or delete it.
Right to grievance redressal: They can complain to you first, and if unsatisfied, escalate to the Data Protection Board of India.

Penalty exposure: The Schedule to the DPDP Act provides for penalties up to Rs. 250 crore for failure to take reasonable security safeguards, and up to Rs. 200 crore for failure to notify a data breach to the Data Protection Board and affected Data Principals. Even for an SME, a single enforcement action at even a fraction of these maxima can be existential.

Action you can take today: Map every customer touchpoint — website sign-up form, WhatsApp opt-in, loyalty enrolment, payment page — and confirm that each carries a compliant consent mechanism and a linked, readable privacy notice. Fix the gaps before your next marketing campaign.

Consumer Protection (E-Commerce) Rules 2020: The Service-Level Floor

If you sell goods or services online — whether through your own website, a mobile app or a marketplace listing — these Rules impose direct obligations.

Non-negotiable requirements:

Name a Grievance Officer who is an Indian resident; publish their name, designation, email and phone on your website.
Acknowledge complaints within 48 hours and redress them within one month of receipt (Rule 5(3)).
Display a clear refund and cancellation policy — ambiguous or effectively inaccessible policies constitute unfair trade practice under the Consumer Protection Act 2019.
Do not use dark patterns: fake urgency timers, hidden fees at checkout, basket-sneaking (adding items without explicit customer action) or confusing unsubscribe flows. The CCPA's November 2023 guidelines on dark patterns are actively enforced.

The 48-hour acknowledgement and one-month resolution are legal minimums. Best-in-class Indian businesses acknowledge within two hours and resolve within 48 hours. The gap between the legal minimum and actual best practice is where churn lives.

Building a Single Customer View

A customer-centric business cannot function when the sales team sees one version of the customer, the finance team sees another and the support team sees a third. The Single Customer View (SCV) is the technical and operational pre-condition for everything else.

What an SCV must contain:

Identity: verified phone, verified email, PAN reference (masked) where collected with consent
Transaction history: orders, GST invoice numbers, payment modes, refund records
Support history: tickets raised, SLA adherence, resolution quality ratings
Behavioural signals: repeat purchase pattern, abandoned transactions, NPS responses
Consent record: what the customer consented to, on which channel and on what date — this is a DPDP Act requirement, not a nice-to-have

Building an SCV without enterprise budget: Most Indian SMEs can achieve 80% of an SCV by integrating three tools — a CRM (Zoho CRM or HubSpot free tier), a helpdesk (Freshdesk or Zoho Desk) and a payments dashboard (Razorpay or PayU). Use the customer's verified mobile number as the common unique identifier across all three. Weekly synchronisation is sufficient if real-time integration is not yet affordable.

The SCV also directly supports DPDP Act compliance: when a customer exercises their right of access and asks "What data do you hold on me?", you can answer accurately in minutes rather than scrambling across four spreadsheets for a week.

Listening Channels That Scale for Indian SMEs

You cannot improve what you cannot hear. Indian customers in 2026 complain and praise across multiple channels simultaneously, rarely repeating themselves across platforms. A structured listening system is not optional.

The Four Channels You Cannot Afford to Ignore

Google Business Profile and Justdial: The first place a prospective customer looks before purchase. Respond to every review — positive and negative — within 48 hours. A considered response to a two-star review demonstrably affects conversion rates for new visitors.

WhatsApp Business: Over 500 million active Indian users. Set up a verified WhatsApp Business account, configure quick replies for your top five query types (order status, refund ETA, invoice copy, product spec, delivery timeline) and route escalations to a named human within four hours.

Instagram DMs: For consumer-facing brands, DMs are a primary complaint channel. A message left unread for 24 hours often surfaces as a screenshot in comment sections, amplifying the complaint to a broader audience.

Structured NPS Surveys: A quarterly Net Promoter Score (NPS) survey with a minimum of 200 responses gives you statistically reliable data. Send it 7–10 days after a transaction closes — not immediately when the customer has not yet experienced your full service cycle. Tools like Typeform, SurveySparrow or a well-designed Google Form are sufficient for SMEs.

What to Do With What You Hear

Tag every incoming complaint and feedback with a reason code: billing, delivery-delay, product-quality, staff-attitude, refund-pending, app-bug. Review the top three reason codes every Monday with your operations team. If refund-pending appears in the top three for three consecutive weeks, that is a process failure in your finance or operations team — not a customer-service failure. Fix the process, not just the complaint.

The Service Recovery Playbook

The service recovery paradox is well-established: a customer who experiences a problem that is promptly and well-resolved often ends up more loyal than a customer who never had a problem. In India, where word-of-mouth travels at speed through WhatsApp groups, this effect is amplified significantly.

Build your playbook around four non-negotiable steps:

Acknowledge within two hours. No investigation is needed at this stage. A message that says, "We have received your concern, [Name]. Our team is on it and will update you by [specific time]" costs nothing and prevents escalation to a consumer forum.

Empower frontline staff to resolve up to a defined rupee limit. If a delivery was wrong and the fix costs Rs. 600, your support agent should not need manager sign-off. Define the threshold for your business — Rs. 500 to Rs. 5,000 is typical for Indian SMEs — train staff to act within it and review spend monthly.

Escalate automatically at four hours if unresolved. Build this as an automated SLA rule in your helpdesk. Anything unresolved past four hours flags to a team lead; anything past 24 hours flags to a function head.

Close the loop personally after resolution. A brief call or WhatsApp message from a named team member — "Hi [Name], I'm Anita from our customer success team — I wanted to confirm your replacement has been dispatched and personally apologise for the inconvenience" — converts a dissatisfied customer into an advocate more reliably than any discount voucher.

Worked Example: The Real Cost of Getting Service Recovery Wrong

Scenario: An e-commerce startup sells premium kitchen appliances. A customer in Pune orders a food processor (invoice value: Rs. 14,160 including 12% GST) in January 2026. The product arrives with a damaged motor. The customer raises a complaint on WhatsApp and emails the Grievance Officer listed on the website.

What goes wrong:

No acknowledgement for 72 hours — breaching the 48-hour rule under the E-Commerce Rules 2020.
Internal back-and-forth between support, warehouse and finance delays the refund to 52 days.
Customer approaches the District Consumer Disputes Redressal Commission, Pune.

Financial outcome of inaction:

Item	Amount
Full product refund ordered	Rs. 14,160
Compensation awarded (harassment, mental agony)	Rs. 22,000
Business's legal representation costs	Rs. 18,000
Lost future purchases (customer lifetime value, estimated)	Rs. 45,000
Reputational cost: 1-star review, seen by 4,000 people via Google	Unquantified
Total cost of inaction	Rs. 99,160+

What proactive service recovery would have cost:

Full replacement unit dispatched within 72 hours (product cost + courier): Rs. 15,500
A handwritten apology note and a Rs. 500 goodwill voucher: Rs. 600
Total cost of proactive resolution: Rs. 16,100

The difference — Rs. 83,000 — is the measurable penalty for treating service recovery as a cost rather than an investment. The compliance breach (missing the 48-hour acknowledgement) amplified every downstream consequence.

Measuring What Matters: The Right Metrics for FY 2026-27

Do not measure customer-centricity by the volume of five-star reviews. Measure it by leading indicators that predict future revenue.

Net Promoter Score (NPS)

Survey at least 200 customers per quarter. Segment results by geography (metro vs. Tier 2/3 cities), by product line and by customer tenure (under 6 months, 6–24 months, over 24 months). A company-wide NPS of 45 can hide a product line dragging at NPS 8 beneath a flagship product at NPS 65 — segmentation reveals the problem.

The rule most businesses break: Do not stop at the score. Read every verbatim comment. The score tells you the trend; the comments tell you what to fix.

Customer Effort Score (CES)

After each of your top three transactions — placing an order, processing a refund, reaching your support team — ask: "On a scale of 1 to 7, how easy was it to [complete this]?" Low effort correlates with retention far more reliably than satisfaction alone. A customer who got the right outcome after enormous effort will still churn.

90-Day Repeat Purchase Rate

For B2C businesses: what percentage of first-time buyers make a second purchase within 90 days? Track this monthly by acquisition channel. If organic referrals have a 42% repeat rate and paid-ad customers have 15%, your customer acquisition cost economics look entirely different once lifetime value enters the calculation.

Weekly Leadership Complaint Audit

Once a week, a senior leader — the founder, COO or CFO — reads one closed complaint in full: the original complaint, every message in the thread, the resolution and the customer's final response. No summary. The raw interaction. This single habit prevents the "everything is fine" reporting bias that accumulates in any growing organisation.

Common Mistakes That Undermine Customer-Centric Initiatives

1. Conflating speed with quality in resolution. Closing a ticket in two hours is meaningless if the resolution is "we have forwarded your concern to the relevant team." Both speed and substance are required. Measure first-contact resolution rate, not just closure rate.

2. Publishing a Grievance Officer name but not monitoring the email. The E-Commerce Rules require a functioning channel. Several businesses publish a name and an address that no one reads. This creates legal liability — provable non-compliance — without creating any trust.

3. Treating DPDP consent as a one-time checkbox. Consent under the DPDP Act is purpose-specific. Collecting an email for order confirmations does not authorise you to use it for a new product marketing campaign. Re-consent is required when the purpose changes.

4. Measuring NPS company-wide without segmenting. A single aggregate score hides the product lines and geographies with serious problems. Always segment before acting.

5. Incentivising support teams on ticket-closure rate. A team measured on tickets closed per day will close tickets prematurely or without resolution. Measure on post-resolution CSAT and first-contact resolution rate instead.

6. Ignoring B2B customers in your listening cadence. B2B buyers rarely write Google reviews. Build a structured quarterly business review (QBR) — even a 30-minute call with the decision-maker — to surface issues before they harden into churn decisions.

7. Treating DPDP compliance and customer experience as separate workstreams. They are the same workstream. A smooth data access request process, a clear consent withdrawal mechanism, a fast erasure response — these are customer experiences. Run them together.

Building Internal Alignment: The Structural Work Most Businesses Skip

Customer-centricity is an organisational design problem as much as a cultural one. If your incentives point inward, your outcomes will follow.

Realign incentives across every function:

Sales: Add a retention and expansion target alongside the new-logo target. A sales team measured only on new logos will over-promise to win deals and under-invest in handoffs to operations and support.
Support: Measure on resolution quality (post-resolution CSAT score) and first-contact resolution rate, not on ticket velocity.
Finance: Build refund processing SLAs into the finance team's internal KPIs. A refund sitting in a finance approval queue for 20 days is simultaneously a compliance breach and a trust failure.
Product and Technology: Make support's top complaint reason codes a mandatory input to every sprint planning cycle. If the leading complaint for three months running is "I cannot find my GST invoice," that is a product problem requiring a product fix — not a support script to be written.

The CEO-to-customer ritual: Once a quarter, the most senior leader speaks directly to ten customers — not in a scripted focus group, but in an unfiltered 15-minute conversation. No sales team filter, no summary provided in advance. This prevents the reporting-bias accumulation that makes leadership believe everything is better than it is.

The monthly Voice of Customer (VoC) report: A single internal page summarising the top five complaints, the top three compliments, the NPS movement and one concrete change being made this month in response to customer feedback. Publish it to every team. Make the customer visible inside the building, not just on the website.

Key Takeaways

Customer-centricity is now a compliance posture, not just a brand value. The DPDP Act 2023, Consumer Protection (E-Commerce) Rules 2020 and CCPA dark-pattern guidelines give Indian customers enforceable rights — and give you measurable, penalisable obligations.
The DPDP Act requires purpose-specific consent, a plain-language privacy notice and a functioning Grievance Officer channel. Penalty exposure reaches Rs. 250 crore for major data security failures. Even smaller enforcement actions can be operationally devastating.
The E-Commerce Rules mandate a 48-hour complaint acknowledgement and one-month resolution. Best practice is two hours and 48 hours. The gap between the legal minimum and operational best practice is where churn and consumer forum claims live.
Build your Single Customer View first, connecting CRM, helpdesk and payments data with a common verified identifier. It is achievable on an SME budget and is the foundation of every other initiative — including DPDP Act access requests.
Proactive service recovery is dramatically cheaper than reactive legal defence. The worked example above shows Rs. 99,160+ in regulatory and reputational costs against Rs. 16,100 in proactive resolution costs — a Rs. 83,000 difference driven entirely by a 72-hour acknowledgement failure.
Measure NPS, Customer Effort Score and 90-day repeat purchase rate — and segment all three. A single aggregate number hides the problems that are actively destroying lifetime value.
Realign internal incentives before launching any customer-centricity initiative. Sales teams rewarded only on new logos, support teams rewarded only on ticket speed, and finance teams without refund-processing SLAs will defeat every external initiative within two quarters.