India Data Privacy

IDfy's Ashok Hariharan says privacy must move beyond checkbox consent, with firms embedding accountability, governance and breach readiness into everyday operations

Rollout of the Digital Personal Data Protection framework will make organisations more accountable and consequently raise their compliance standards, a top official of 63SATS Cybertech said. 63SATS Cybertech, Managing Director, CEO & CIO, Neehar Pathare said under the DPDP regime, cybersecurity will no longer remain just a technical function but a critical pillar of risk management and business resilience. "As India advances into a new era of digital governance with the rollout of the Digital Personal Data Protection framework, organisations are being held to significantly higher standards of accountability and compliance. In this environment, cybersecurity is no longer just a technical function but a critical pillar of risk management and business resilience," Pathare said. To advance cybersecurity adoption, 63SATS Cybertech has renewed its strategic title partnership with CyberSec India Expo 2026 for the second consecutive year. "Our continued partnership with CyberSec India ...

India's Digital Personal Data Protection Act is reshaping how organisations design and deploy AI, embedding consent, governance and privacy safeguards as the foundation for trust-driven adoption

India's Digital Personal Data Protection Act will fundamentally alter how companies handle user data, mirroring GDPR's impact in Europe, says DSCI CEO Vinayak Godse

The Editors Guild of India on Wednesday said the Digital Personal Data Protection (DPDP) Rules, notified recently, do not address the concerns around journalistic work falling within the purview of the law. In a statement, the Guild said it had highlighted the DPDP Act's shortcomings, which included the dilution of the Right to Information regime and the absence of any explicit journalistic exception, and asserted that the newly issued rules continue to leave critical questions unresolved for journalists and media organisations. In July this year, S Krishnan, Secretary, Ministry of Electronics and Information Technology (MeitY), held a meeting with press bodies and assured that journalistic work would not fall within the purview of the DPDP Act, the Guild said. "The Guild, along with other media organisations, had urged the MeitY to issue a legally tenable clarification or amendatory provision to explicitly safeguard journalistic activities," it said. The Guild has urged MeitY to .

The new DPDP rules will be introduced over the next 18 months to give organisations time to adapt to the guidelines.

The Digital Personal Data Protection (DPDP) rules, which currently offer an 18-month transition period for companies, may see this timeline "compressed" for large companies as the government engages with industry stakeholders on the issue. Big tech firms and many large companies already abide by stringent data protection standards in many other markets, among them General Data Protection Regulation (European Union's data privacy and security law) and this argument has prompted discussions about faster implementation of the new rules in India. About the rationale of 18-month transition time, when, in fact, many large companies are already complying with stringent norms elsewhere, IT Minister Ashwini Vaishnaw said the government is already in touch with the industry on the issue. "We have been discussing with industry... the first set of rules have been published and this gives reasonable timeframe depending on what industry's ask was, and what our thrust was." He added, "But we are

India's DPDP rules have set a framework for a more accountable digital economy through clear consent standards, data safeguards, with the goal to arm individuals with greater control over their personal data in the world's fourth largest economy. Here is what it means for businesses and individuals: First things first. These subordinate rules to the principal legislation -- Digital Personal Data Protection Act -- spell out operational norms for entities in collection and handling of personal data, and protects the rights of individuals. In simple terms, 'data fiduciaries' refer to entities that decide the purpose and means of processing of individual's data while 'data principals' are individuals or users (of a particular service) to whom personal data belongs. Consent notice to individuals: Companies must give clear, plain-language notice seeking informed consent with itemised data description, processing purpose, complaint mechanisms, and easy consent withdrawal process where eas

Apps are harvesting data on you constantly-sometimes beyond what they need. Here's why it matters, how it's used, and what you can do to regain some control

DPDP Act may also ask intermediaries to keep detailed meta data records

Here's a quick capsule of the best of Business Standard's opinion pages today for your quick reading.

Digi Yatra data stored on airport systems is automatically purged within 24 hours of a flight's departure, says aviation ministry

India will come out with a legal framework to ensure data privacy that will encourage free data flow among trusted partners, Commerce and Industry Minister Piyush Goyal on Thursday said, as he sought investment in technology and innovation. Speaking at the UK India Business Council's 'UK-India Technology Futures Conference', the minister said India and the UK can collaborate on technology in the fields of AI education, telemedicine, climate modelling, precision agriculture and organic chemical, electronic and food industries. Goyal pointed out that it will be important to understand how in the future the digital world and sustainability issues will intersect. A major portion of energy will be consumed by systems that will churn out data and that will have an impact on sustainability issues, he said, adding that there are very few places in the world where there is an interconnected grid in the way that India has. The minister said that by 2030, India would have a thousand-gigawatt

Adani Airport Holdings (AAHL) and Thales have joined hands for the implementation of cloud-based solutions at AAHL managed airports in India for streamlining the operations

Cookies are packets of information that allow websites and advertisers to identify individual web surfers and track their browsing habits, but they can also be used for unwanted surveillance

Tech giants Google, Meta, YouTube, and Snap are concerned over India's new Digital Personal Data Protection Act's restrictions on behavioural tracking of children as they may compromise child safety

Amid rising cyber threats, DPDP Act marks a pivotal step in data privacy management, with stakeholders eager for comprehensive guidelines

92% companies in India recognise customers want adequate protection of their data: Cisco survey

Sachin Tendulkar's deepfake video: The fabricated video of the cricketer depicted him endorsing a mobile gaming application, sparking concerns over data privacy on social media

Cyber risks are cited as the biggest threat faced by Indian organisations with 38 per cent of respondents feeling highly or extremely exposed to it, says a survey. With this, cybersecurity has jumped two spots from number three to number one on the risk radar when compared to the 2022 Global Risk Survey, the PwC's 2023 Global Risk Survey- India edition stated. PwC said the final results of the survey are based on 3,910 survey responses from Business and Risk Management leaders (CEO, board, risk management, operations, technology, finance, audit) across 67 territories providing their views on the status and direction of risk in their organisation. 163 Indian organisations were a part of this survey. Other digital and technology risks are also top concerns for business leaders in India (at 35 per cent). To address the challenges, Indian organisations are making bold investments in cybersecurity with more than half of the respondents planning to invest in cybersecurity tools (55 per .