Navigating India's Data Protection Landscape: A Comprehensive Guide by Dr. Pavan Duggal, Dr. Prashant Mali, Puneet Bhasin & Bikash Barai

With the introduction of the India Privacy Act, organizations across the country are facing a new era of data protection challenges. This landmark legislation brings stringent requirements for consent, compliance, and penalties for breaches. In this blog, we delve into the key aspects of the Act, its implications for organizations, and actionable steps to ensure readiness and compliance.



Here is the verbatim discussion:

Super critical. Uh, so we'll move to Pavan, um, any closing remark? And by the way, we should have a session just on this. Puneet made a very vital point in terms of how do we get ready, so we should just have a session only on that, like how do we have the readiness, huh, for the new act. Um, Pav, any closing remark, and then we'll go to Prashant. Maybe quick one, one, one to two minute closing remark.

My closing remarks are only this much: uh, let's get out into field, let's get our hands dirty, let's start working on things, let's not be in a complacency mode. Why? Because that's going to cost any organization humongously. From the CISO standpoint, apart from costing the organization, such kind of an error could even cost you your job. In addition, it could also expose you to criminal liability under the existing law in your own individual capacity, and for which you may not have the appropriate documentation to show that you as an organization, or you as a top management of the organization, had exercised all due diligence to prevent the commission of any offense or contravention. So focus back on documentation, focus back on your due diligences and compliances.

And this law particularly, I think it's going to be a game-changing law. Primarily everything will be dependent on, well, the very, very simple: if your PII is misused, no problem, just shoot a complaint to the Data Protection Board, and that becomes the starting point of a new investigation, when the board is going to go ahead and try to find out if there's any contention and thereafter ultimately give a fine up to 250 CR rupees. That's one of the many things that you can do. In addition, because there's a breach of your sensitive personal data or PII, clearly you will also have remedies under the Information Technology Act, which you can also do, which means that you can also file criminal charges against the company under the IT Act and the IT rules. Most of the time the companies become intermediaries under section 21w of the Information Technology Act 2000, and this, uh, shall I say, uh, abuse or misuse of personal data is also in complete contravention of the provisions of rule three of the Information Technology Rules 2021, which have been updated as on 6th of April 2023, because right now they are going to marrying this with the requirement for having in place reasonable security practices and procedures, which will have to be again an ISO 7,1. So you will have remedies under there. Unfortunately, your remedy for unlimited damages by way of compensation under Section 43 cap a of the IT Act has been withdrawn because that's been repealed.



Universal Consent Mandate

  • Organizations must obtain explicit consent from data subjects, detailing data collection, processing, and third-party involvement.
  • Multilingual notices are required, ensuring accessibility across diverse linguistic communities.

Comprehensive Definition of Personal Data

  • The Act encompasses all information identifying individuals, eliminating the distinction between personally identifiable and sensitive data.

Penalties for Non-Compliance

  • Fines of up to ₹250 crore per violation may be imposed, reflecting the severity and scale of breaches.

Breach Notification and Remediation

  • Mandatory reporting of breaches to the Data Protection Board and affected individuals.
  • Demonstrable steps must be taken to secure data and mitigate risks post-breach.

Applicability to Digital Data

  • The Act covers breaches of digital personal information, regardless of its initial format.


The India Privacy Act marks a significant shift towards data protection and privacy rights. By understanding its provisions and taking proactive steps towards compliance, organizations can navigate this regulatory landscape effectively. Ensuring readiness is imperative to safeguarding data and maintaining trust with stakeholders in the digital age.



Dr. Pavan Duggal is the Founder & Chairman of the International Commission on Cyber Security Law and President of Cyberlaws.Net. He heads the Artificial Intelligence Law Hub and Blockchain Law Epicentre, and is the Founder of Cyberlaw University. Dr. Duggal is the Chief Evangelist of Metaverse Law Nucleus and has directed numerous international conferences on cyber law. He has spoken at over 3000 events and authored 194 books on various legal topics.


Prashant Mali is an acclaimed international cybersecurity and cyber law expert, practicing as a lawyer at the Bombay High Court with 25 years of experience. He holds advanced degrees in computer science and law, and has authored 8 books and 16 research papers on cyber law and data protection. Mali frequently appears on TV and at international conferences, offering expert legal opinions on a wide range of technology-related issues. His landmark legal work includes numerous acquittals and influential policy contributions.


Advocate Puneet Bhasin is a pioneer in cyber laws in India and was awarded Best Cyber Lawyer in India. She is an advisor to the Rajya Sabha Committees on Internet laws and a recipient of 13 national awards for contributions to cyber laws, one of them being "Best Cyber Lawyer in India".


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.
