Navigating India's Data Protection Landscape: Imperatives for Compliance by Dr. Pavan Duggal, Dr. Prashant Mali, Puneet Bhasin & Bikash Barai


The implementation of the India Privacy Act heralds a new era of data protection regulations in the country, bringing significant challenges and opportunities for organizations. In this blog, we delve into the critical aspects of the Act and highlight imperative measures for compliance and risk mitigation.



Here is the verbatim discussion:

Mode why because that's going to cost any organization humongously from the ciso standpoint apart from costing the organization such kind of an error could even cost you your job in addition it could also expose you to criminal liability under the existing law in your own individual capacity and for which you may not have the appropriate documentation to show that you as an organization or you as a top management of the organization had exercised all due diligence to prevent the commission of any offense or contention so Focus back on documentation Focus back on your due diligences and compliances and this law particularly I think is going to be a gamechanging law primarily everything will be dependent on how it's going to be implemented but the very fact that every organization is now going to have a democles sword on their head for a potential fine for 250 CR rupees could actually drive India towards a more sh uh sound data economy as we go forward as more responsible data practices are going to be ensured be followed by all stakeholders needless to say please don't only concentrate on the digital personal data protection act this is just the Cherry in the on the cake please concentrate on the cake as well which is the information technology act 2000 and the rules and regulations with other other entities now suppose if there is a data Bridge through a third party then who has to pay the fine who is responsible so the the concept of cascading consent has not been Ed in the dpdp ACT if the third party see it depends upon who is liable the data fiduciary is liable to the data principle here we don't have a concept of something like a second third party person who is doing something now suppose if you have to guard yourself from you know data fiduciary to guard yourself from such kind of labs from the third party you need to have contract with him and in the contract you need to have indemnification Clauses as to if the I get fined because of your issues your problems you will indemnify against the whatever the loss I incur or whatever penalty or fine I incur so this having a contract with indeminification Clause with regards to data protection board now becomes important so every organization needs to go back to their contracts and revise the contracts when it comes to uh handling of data in a cascading pattern when you're giving data to further for third party or further from third party.



Stringent Compliance Obligations:

  • The India Privacy Act mandates stringent compliance requirements, with potential fines of up to ₹250 crore for non-compliance.
  • Organizations must prioritize documentation, due diligence, and compliance frameworks to mitigate legal and financial risks.

Individual and Organizational Accountability:

  • Top management individuals face personal liability for data protection breaches, necessitating comprehensive documentation of due diligence measures.
  • Focus on compliance with the Information Technology Act 2000 and associated regulations is paramount for organizational integrity.

Addressing Third-Party Liability:

  • The Act lacks provisions for cascading consent and delineating liability among multiple parties involved in data processing.
  • Organizations must revise contracts with third-party vendors to incorporate indemnification clauses and mitigate risks associated with data breaches.


As organizations navigate the complexities of India's data protection landscape, proactive compliance efforts are indispensable. By prioritizing documentation, due diligence, and responsible data practices, businesses can mitigate legal and financial risks while fostering trust among stakeholders. Compliance with the India Privacy Act is not just a regulatory obligation but a strategic imperative for organizations to thrive in the evolving digital economy.



Dr. Pavan Duggal is the Founder & Chairman of the International Commission on Cyber Security Law and President of Cyberlaws.Net. He heads the Artificial Intelligence Law Hub and Blockchain Law Epicentre, and is the Founder of Cyberlaw University. Dr. Duggal is the Chief Evangelist of Metaverse Law Nucleus and has directed numerous international conferences on cyber law. He has spoken at over 3000 events and authored 194 books on various legal topics.

Prashant Mali is an acclaimed international cybersecurity and cyber law expert, practicing as a lawyer at the Bombay High Court with 25 years of experience. He holds advanced degrees in computer science and law, and has authored 8 books and 16 research papers on cyber law and data protection. Mali frequently appears on TV and at international conferences, offering expert legal opinions on a wide range of technology-related issues. His landmark legal work includes numerous acquittals and influential policy contributions.


Advocate Puneet Bhasin is a Pioneer in Cyber Laws in India and Awarded the Best Cyber Lawyer in India. She is an advisor to the Rajya Sabha Committees on Internet laws and Recipient of 13 National Awards for contribution in Cyber laws one of them being "Best Cyber Lawyer in India".


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)



CISO Breakfast at BlackHat Las Vegas 2024!

  • Description:

    We are thrilled to invite you to the CISO Breakfast at BlackHat 2024. 

    CISOPlatform is a community partner for the event which is co-hosted by Silicon Valley Bank, Stage One, First Rays Venture Partners, Latham & Watkins.


    Event Details: 

    • Date: Thursday, August 8th,…
  • Created by: pritha
  • Tags: blackhat usa, las vegas, ciso breakfast, usa