Data privacy matters in today’s digital world

Pritam Shah
Global Practice Head
OT Security and Data Security

India’s fast-growing digital economy coupled with the country’s internet user base is expected to exceed 900 million this year, making the protection of data privacy a societal imperative.

Let’s take a look at some of the related statistics. A Survey Report 2024 was released recently by the Confederation of Indian Industry (CII) and Protiviti, on the preparedness of Indian industries for data privacy and the Digital Personal Data Protection (DPDP) Act. The survey was conducted across various industries, including BFSI, Information Technology, Hospitality, Manufacturing, Media & Telecom, targeting professionals from mid-level to executive management roles. Key findings from the survey revealed that over 60% of companies are engaged in practices that raise data privacy concerns, 52% have experienced a data breach in the past five years, and only 39% of larger organizations have a dedicated Data Privacy Office.

Another recent survey by PwC administered to 3,233 consumers across 24 cities and 186 organizations across India reveals that only 16% of consumers are aware of the Digital Personal Data Protection (DPDP) Act. The survey also states that 56% of consumers are not aware of their rights related to personal data and 69% of consumers are not aware of their rights to take back their consent. Whenever a minor’s personal data is involved, 72% of respondents are not aware that handling a minor’s personal data requires a parent/guardian’s consent.

Data privacy – a top priority

With a significant rise in data breaches and privacy violations, organizations are compelled to protect the sensitive data of customers and proprietary information for business operations to avoid huge business losses, customer churn, and damaging their reputation. Data apps and IoT devices can also track and collect personal information of individuals including their activities, interests, photos, and financial details. Organizations can sell this information that can later be used in unwelcome ways and create an environment apt for cybercrime causing harm to individuals.

Apart from being a compliance issue, data privacy protects the fundamental rights and freedoms of individuals in India and becomes a moral responsibility for organizations. Hence data privacy is a key concern for both individuals and businesses. Individuals should be made aware of data privacy, especially in India, which has a huge population base of Internet users. Data privacy also enables organizations to build trust among customers by establishing a culture of transparency and accountability while regarding individual privacy.

Data privacy in India- legal frameworks

The legal Frameworks for Data Privacy in India include the Information Technology (IT) Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rule, 2011, and the recent Digital Personal Data (DPDP) Act, 2023. In August 2023, India’s Union Ministry of Electronics and Information Technology (MeitY) enacted the DPDP Act 2023, a groundbreaking law rewriting the country’s data protection landscape.

Then on January 3 this year, the Ministry unveiled the draft DPDP Rules, 2025 which has been published for feedback from the public where suggestions are invited until February 18, 2025. The DPDP applies to the processing of digital personal data within the country, as well as outside India concerning the delivery of goods or services to individuals in the country.

Challenges to data privacy

The previously mentioned survey reports indicate a significant percentage of India’s population is not yet aware of data privacy rights and the potential risks due to the misuse of this data. Secondly, the high costs involved in implementing data protection measures, especially for SMBs and startups can pose a challenge to ensuring data privacy.

Furthermore, cyberattacks are getting more sophisticated as attackers are leveraging advanced technologies such as AI and others to exploit vulnerabilities where achieving data privacy is difficult. Lack of resources in these organizations can result in non-compliance as well. The burden of compliance may sometimes hinder innovation and growth, more importantly in tech startups.

Best practices for data privacy management

Adopting the best practices enables organizations to not only safeguard customer data but also leverage data privacy as a strategic competitive advantage. A comprehensive data governance framework should be established at the very outset, where roles and responsibilities are defined and data quality and accuracy are established. Data privacy principles have to be integrated into the design of products and services and not added as an afterthought. Employee access to customer information should be restricted and granted solely based on their specific roles and responsibilities.

Organizations have to be transparent in data collection and usage practices while conveying the same to customers through simple-to-understand policies and consent mechanisms. Implementation of strong security measures such as encryption, access controls, and regular security audits demonstrates the organization’s commitment to safeguarding customer data. Training employees on customer data privacy best practices and educating customers about their rights while giving them control over their data speaks volumes about the organization’s strong commitment to data privacy.

Ensuring its data practices align with the customers’ values and expectations gives the organization a competitive edge. Additionally, organizations can also stay ahead of the curve by regularly reviewing and updating their data privacy practices in response to evolving threats and regulatory measures. As India Inc. continues to accelerate its digital transformation, it is critical to prioritize data privacy at every step and level. The global celebration of Data Privacy Day on January 28 every year is a reminder for organizations to recommit themselves to implementing robust data privacy policies while creating awareness among all stakeholders and making provisions for future changes.

Share on