BW Security World

India’s Data Privacy Demands Shift From Compliance To Trust

Bharat Sanchar Nigam Limited (BSNL), the state-owned telecom operator, is purportedly grappling with a data breach. A threat actor known as "Perell" has claimed access to critical information related to BSNL's users, raising alarms about the privacy and security of BSNL customers.

Firms urged to embed privacy into operations as DPDP Act nears implementation

As India readies itself for the enforcement of the Digital Personal Data Protection (DPDP) Act, 2023, businesses across sectors are being urged to move beyond basic compliance and treat data privacy as a core organisational principle. Experts at a recent webinar hosted by Baker Tilly ASA India emphasised that digital trust, not just legal conformity, will be the next competitive edge in the country’s fast-evolving data economy.

The DPDP Act, which borrows from international privacy frameworks such as the EU’s General Data Protection Regulation (GDPR) while being adapted for India’s digital scale and governance needs, introduces specific classifications for entities handling personal data. Under the law, ‘Data Fiduciaries’ and ‘Significant Data Fiduciaries’ (SDFs) face distinct obligations. SDFs, for instance, must appoint Data Protection Officers (DPOs), undergo regular audits, and establish formal grievance redressal mechanisms.

“The DPDP Act is more than a legal framework – it’s a signal that data governance must evolve from reactive compliance to proactive responsibility,” said Shrikrishna Dikshit, Partner, Digital & Cyber Security at Baker Tilly ASA India. “Significant Data Fiduciaries will need to build robust systems of accountability that align with both the letter and the spirit of the law. It’s not just about meeting the baseline; it’s about setting a new standard for digital trust.”

The webinar also spotlighted the need for sector-specific interpretations of the law. In heavily regulated and data-intensive sectors such as banking, healthcare, and e-commerce, compliance is expected to involve intricate operational changes and a strong emphasis on third-party risk management (TPRM).

“Third-party risk is often overlooked but is critical to DPDP compliance,” said Rachit Shukla, Executive Partner, Digital & Cyber Security at Baker Tilly ASA India. “Organisations must build frameworks to regularly audit vendors for data handling practices and maintain continuous oversight through technology and documentation.”

India’s rapid digital transformation – propelled by programmes like Digital India, DigiLocker, UMANG, mobile-based e-health, and digital finance services – is reshaping how data is created, stored, and shared. According to IDC, nearly half of Indian enterprises are now piloting agentic AI solutions, a trend that underscores the growing reliance on data and intelligent systems in enterprise decision-making and automation.

The session concluded with a consensus that businesses treating privacy as a foundational pillar of their culture – rather than a regulatory obligation – will be best positioned to lead in a more regulated, trust-driven digital economy.

“Embedding privacy into business strategy and operations isn’t optional anymore,” one speaker noted. “It’s the only sustainable path forward.”
