The India Privacy Act marks a transformative shift in the regulatory landscape, with profound implications for both large enterprises and startups. Recently, CISO Platform hosted a panel discussion featuring leading experts in cyber law: Advocate Dr. Pavan Duggal, Advocate Dr. Prashant Mali, and Advocate Punita Shetty. Moderated by Vikash Parekh, the session explored the nuances of the Privacy Act and its potential impact on various stakeholders. This blog captures the key takeaways, offering insights into how organizations can navigate this new legal framework.



Here is the verbatim discussion:

LA and e-commerce law. Dr. Duggal has been acknowledged as one of the top four cyber lawyers around the world. World Domain Day recognizes him as one of the top 10 cyber lawyers around the world.

Advocate Dr. Prashant Mali, cyber law and data protection lawyer, Bombay High Court. Dr. Prashant is India's top cyber and privacy lawyer, with many landmark cases to his credit. He has been awarded Best Cyber Privacy Lawyer 2022 at the Newsmaker Awards, Best Cyber Security Lawyer in 2017, and the National Cyber Defense Award in 2019.

Advocate Puneet Bhasin, cyber and data protection laws expert, founder, Cyber Jury Legal Consulting and Cyber Jury Academy. Advocate Puneet is a pioneer in cyber laws in India and has been awarded

and that wouldn't be a real-life thing, that you can fine in multiples of 150 crores or 250 crores. Second point is, how would they calculate? Now this is the biggest question, because organizations are talking to me, asking me how do they write some figure on the legal risk, or how do they secure themselves in cyber insurance. That's a big question. Why? Because if you calculate, ultimately all the fines which have been mentioned come to 500 crores. Because suppose you are fined in every place, you know, you have a data breach, then you are a significant data fiduciary also, and then the total can come to around 500 crores. But that is not the actual figure you can calculate. Now how will the figure be coming? They could devise a formula; the Board has to devise a formula to come across how much is to be charged to whom, you know, because it has to be realistic.

And it has to be a lot of PII data. So this dream of companies having less PII data, I don't think it is a practical dream, saying that I don't have less data. And coming back again to what Pavan ji said, that people were celebrating that we will not have a jail term. Rather, people who are going to handle the data part: IT Act Section 43(b) read with Section 66 is still alive, and there is punishment of up to three years of imprisonment, and there is a penalty there also. So that also can operate, apart from, obviously, other IPC sections, depending upon what has been stolen along with the data.

Okay, so let us go to the next part of the question, and I'll club two questions together: how does it impact the large enterprises, and how does it impact the startups? So you can combine both of them together. Over to you, Puneet. We'll go to everybody with this question: what are the top things that you see it's going to impact, both the enterprises as well as the startups?



Introduction of New Roles

  • Data Principal: The individual to whom the personal data belongs.
  • Data Fiduciary: The entity responsible for determining the purpose and means of processing personal data.
  • Data Processor: The entity processing data on behalf of the data fiduciary.

Consent and Rights of Data Principals

  • Explicit consent required for data collection and processing.
  • Rights to access, correct, and delete personal data.
  • Right to be informed about data breaches affecting their data.

Data Protection Board

  • Establishment of a Data Protection Board to oversee compliance and handle grievances.
  • Powers to investigate, audit, and impose penalties for violations.

Data Localization and Cross-Border Data Transfer

  • Mandates for storing certain types of data within India.
  • Regulated procedures for transferring data abroad, ensuring protection aligns with Indian standards.

Breach Notification and Compensation

  • Mandatory breach notifications to the Data Protection Board and affected individuals.
  • No government compensation for data breaches; non-compliance by individuals may result in fines.

Penalties for Non-Compliance

  • Significant fines up to ₹250 crore per violation for non-compliance.
  • Potential criminal liability for severe breaches.


The India Privacy Act presents both challenges and opportunities for large enterprises and startups. By understanding the key provisions and preparing adequately, organizations can navigate this new regulatory landscape effectively. CISO Platform remains committed to supporting its community in staying informed and compliant, fostering a secure and resilient data environment.



Dr. Pavan Duggal is the Founder & Chairman of the International Commission on Cyber Security Law and President of Cyberlaws.Net. He heads the Artificial Intelligence Law Hub and Blockchain Law Epicentre, and is the Founder of Cyberlaw University. Dr. Duggal is the Chief Evangelist of Metaverse Law Nucleus and has directed numerous international conferences on cyber law. He has spoken at over 3000 events and authored 194 books on various legal topics.


Prashant Mali is an acclaimed international cybersecurity and cyber law expert, practicing as a lawyer at the Bombay High Court with 25 years of experience. He holds advanced degrees in computer science and law, and has authored 8 books and 16 research papers on cyber law and data protection. Mali frequently appears on TV and at international conferences, offering expert legal opinions on a wide range of technology-related issues. His landmark legal work includes numerous acquittals and influential policy contributions.


Advocate Puneet Bhasin is a pioneer in cyber laws in India and has been awarded Best Cyber Lawyer in India. She is an advisor to the Rajya Sabha Committees on Internet laws and the recipient of 13 national awards for contributions to cyber laws, one of them being "Best Cyber Lawyer in India".


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.
