Navigating India's Data Protection Landscape: Insights and Imperatives by Dr. Pavan Duggal, Dr. Prashant Mali, Puneet Bhasin & Bikash Barai

The enactment of the India Privacy Act has ushered in a new era of data protection regulations, presenting significant challenges and opportunities for organizations across the country. In this blog, we delve into the intricacies of the Act, its implications for businesses, and actionable steps to ensure compliance and readiness.



Here is the verbatim discussion:

to have but you need to have that data audits you need to have it annually you need to ensure all of this like uh is in place for you to and obviously one of the most important things is data mapping I would say the first point of compliance for you is going to be data mapping because today Indian organizations don't know what data they have collected which data they have collected where is it even residing we have never really had this kind of compliance before so before you even start building a framework which honestly I'm hearing a lot of people come up you know can you build the data privacy framework work for us the question is do you even know what is your data and where is your data so the first step is obviously data mapping and privacy Frameworks consent management uh auditing a lot of these things are going to happen thereafter principle here we don't have a concept of something like a second third party person who is doing something now suppose if you have to guard yourself from you know data fiduciary to guard yourself from such kind of labs from the third party you need to have contract with him and in the contract you need to have indeminification Clauses as to if the I get fined because of your issues your problems you will indemnify against the whatever the loss I incur or whatever penalty or fine I incur so this having a contract with indeminification Clause with regards to data protection board now becomes important so every organization needs to go back to their contracts and revise the cont contracts when it comes to uh handling of data in a cascading pattern and when you're giving data to further for third party or further from third party to so Punit we I think we are not able to hear you but there's a great point that you made that mapping the data is super critical uh so we'll move to Pavan um any closing remark and by the way we should have a session just on this uh Punit made a very vital point in terms of how do we get ready so we should just have a session only on that like how do we have the Readiness huh for the new act um pav any closing remark and then we'll go to Prashant maybe quick one one one to two minute closing remark my closing remarks are only this much uh let's get out into the field let's get our hands dirty let's start working on things let's not be in a complient.



Universal Consent Mandate

  • Organizations must obtain explicit consent for data collection, processing, and sharing, ensuring transparency and accountability.
  • Multilingual notices are mandated to cater to the diverse linguistic landscape of India.

Comprehensive Data Definition

  • The Act encompasses all forms of personal data, eliminating the distinction between personally identifiable and sensitive information.

Stringent Penalties

  • Non-compliance can result in fines of up to ₹250 crore per violation, emphasizing the seriousness of data protection breaches.

Breach Reporting and Remediation

  • Mandatory reporting of breaches to the Data Protection Board and affected individuals.
  • Organizations must demonstrate proactive measures to secure data and mitigate risks post-breach.

Applicability to Digital Data

  • The Act covers breaches of digital personal information, irrespective of its initial format or source.


The India Privacy Act represents a paradigm shift in data protection regulations, necessitating proactive measures from organizations to ensure compliance and mitigate risks. By understanding the key provisions of the Act and implementing robust data protection frameworks, businesses can navigate this regulatory landscape effectively, safeguarding privacy and fostering trust among stakeholders.



Dr. Pavan Duggal is the Founder & Chairman of the International Commission on Cyber Security Law and President of Cyberlaws.Net. He heads the Artificial Intelligence Law Hub and Blockchain Law Epicentre, and is the Founder of Cyberlaw University. Dr. Duggal is the Chief Evangelist of Metaverse Law Nucleus and has directed numerous international conferences on cyber law. He has spoken at over 3000 events and authored 194 books on various legal topics.


Prashant Mali is an acclaimed international cybersecurity and cyber law expert, practicing as a lawyer at the Bombay High Court with 25 years of experience. He holds advanced degrees in computer science and law, and has authored 8 books and 16 research papers on cyber law and data protection. Mali frequently appears on TV and at international conferences, offering expert legal opinions on a wide range of technology-related issues. His landmark legal work includes numerous acquittals and influential policy contributions.


Advocate Puneet Bhasin is a Pioneer in Cyber Laws in India and Awarded the Best Cyber Lawyer in India. She is an advisor to the Rajya Sabha Committees on Internet laws and Recipient of 13 National Awards for contribution in Cyber laws one of them being "Best Cyber Lawyer in India".


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)



CISO Breakfast at BlackHat Las Vegas 2024!

  • Description:

    We are thrilled to invite you to the CISO Breakfast at BlackHat 2024. 

    CISOPlatform is a community partner for the event which is co-hosted by Silicon Valley Bank, Stage One, First Rays Venture Partners, Latham & Watkins.


    Event Details: 

    • Date: Thursday, August 8th,…
  • Created by: pritha
  • Tags: blackhat usa, las vegas, ciso breakfast, usa