Data Privacy Day highlights India's need for stronger digital protections

On 28 January, India, along with the world, celebrated Data Privacy Day. The theme for this year was ‘Take Control of Your Data’. The theme could not have been more apt for the times we live in.

 

The increasing use of digital services in day-to-day activities has also led to a rise in data security threats and the sharing of data with multiple platforms and organisations.

 

Data privacy means the personal and sensitive information of an individual is secured, and they are in control of its sharing, storage and usage.

 

Jay Swamidass, vice-president and global head of sales, Rakuten SixthSense, shares that data privacy is not just a compliance tick box but a moral obligation.

 

“Data Privacy Week prompts us to pause and take stock of how well we handle data, how secure our systems are, and whether we are making decisions that respect the rights of both individuals and organisations. The only sure-fire way for businesses to succeed is to fully understand if we are doing enough to protect the data entrusted to us and to lead with integrity,” he added.

 

In India, the significance of this day is further elevated, with the rules around the Digital Personal Data Protection (DPDP) Act in the final phases of consultation.

 

Parag Khurana, country manager, India, Barracuda Networks, said that with the introduction of the draft framework for implementing the Digital Personal Data Protection Act (DPDPA), organisations in India now have a clear structure to help them strengthen their approach to data privacy and mitigate cybersecurity risks.

 

“In practical terms, this means implementing robust measures such as encryption, access controls, authentication, and reliable data backup and recovery to keep sensitive information protected at all times. However, securing personal data goes beyond compliance—it requires building a strong, proactive security posture that can detect, block, investigate, and remediate unauthorised access swiftly,” said Khurana.

 

Under the DPDP Act, Indian citizens have several rights. Citizens not only have access to their data, but they can ensure their data is erased or corrected and also have the ability to withdraw their consent. For the first time, it has been stipulated that in case of data breaches, the platforms or fiduciaries have to inform individuals and the Data Protection Board of India (DPBI).

 

With evolving technological changes and AI, regulations are a must for protecting data. Between 2023 and 2024, India faced over 5.2 billion encrypted attack attempts, with AI-driven phishing emerging as a growing concern.

 

“Evolving global standards such as GDPR and India’s DPDP Act underscore the importance of incorporating privacy by design into systems to address emerging challenges,” said Achyuth Krishna, head of IT and information security at Whatfix.

 

“In 2025, we expect to see an increase in the proportion of enterprises deploying private AI infrastructure, which is set to fundamentally transform India's data centre landscape. According to Vertiv's latest projections, AI workloads will drive unprecedented changes in infrastructure design and operations, with rack densities reaching into three- and four-digit kilowatts. This evolution is already visible in India, where the data centre industry is projected to attract $5.7 billion in investments by 2026, primarily driven by AI adoption,” said Manoj Paul, managing director, India, Equinix.