Your go-to hub for Expert Insights,
Publications, and Resources on
data privacy and compliance

In anticipation of the forthcoming Digital Personal Data Protection (DPDP) rules, Indian companies across various sectors are proactively enhancing their data protection frameworks. This includes updating privacy policies and appointing Data Protection Officers (DPOs) to ensure compliance with the new regulations.

The draft DPDP rules, accepted on January 3, 2025, have prompted organizations to intensify compliance audits and strengthen data governance structures. Major corporations such as Meta, Muthoot Fincorp, and Fynd (Shopsense Retail Tech) are actively recruiting DPOs to oversee sensitive personal data and ensure adherence to data protection laws. Additionally, companies like American Express and McDonald's are seeking professionals for roles in data governance and management.

Under the DPDP Act, while not all data fiduciaries are mandated to appoint a DPO, entities processing substantial amounts of personal data are required to do so. This move is crucial for maintaining compliance with the evolving regulatory landscape.

Consultancy firms have reported a surge in inquiries from businesses aiming to align with the new regulations. Jasprit Singh, partner at Grant Thornton Bharat, noted that following the release of the DPDP Act and its rules, many clients have sought guidance on achieving compliance. The firm advises conducting gap assessments and updating privacy documentation, including notices, policies, and cross-border transfer clauses.

Organizations like Growing Pro Technologies have initiated comprehensive audits to ensure their data practices comply with the evolving regulations. These audits encompass data flow and processing, security and compliance, and third-party vendor risk assessments. Consequently, the company is revising its privacy policies to address any identified gaps.

Despite these efforts, challenges persist. A recent study by the Advertising Standards Council of India (ASCI) revealed that only 6% of Indian websites are prepared to comply with the Act's cookie processing requirements, indicating potential impacts on online marketing. Businesses are also evaluating how to obtain user consent without causing friction and how the regulations might affect the use of algorithmic software or AI model training using public data.

The public feedback period on the draft rules concluded on March 5, 2025. As the finalization of these regulations’ approaches, businesses are urged to continue strengthening their data protection measures to ensure full compliance and maintain consumer trust.

Have insights or concerns about the DPDP Rules? Join the conversation and share your thoughts with us!

OR

"Looking for expert advice from top consultants?

Whether you need guidance on legal compliance consulting or tool based technical solutions, DPDP Consultants can help you with the best professional’s services in the industry. Get tailored insights and practical solutions to help you succeed. Visit our website DPDP Consultants today to explore our network of experts and take the next step toward success!"

 For News updates, expert insights, and practical tips on DPDP compliance and personal data security please subscribe to our newsletter Privacy Talks.

#DPDPA #DPDPACT #DPDPCompliance #Dataprivacy #Compliancetools #DPDP ACT India

#Data protection