The recently released draft Digital Personal Data Protection (DPDP) rules are placing renewed emphasis on cybersecurity, with experts highlighting the critical role it plays in safeguarding personal data and ensuring compliance.

Industry experts believe that stringent actions against data leaks are not just a legal obligation but also a critical step towards fortifying trust and building a robust digital ecosystem. This new regulatory landscape also presents businesses with an opportunity to elevate data protection efforts and integrate privacy and cybersecurity into core business practices.

Vinayak Godse, Chief Executive Officer, Data Security Council of India (DSCI) wanted organisations to fully understand and comprehend the obligations as outlined by the law and rules.

“They need to overhaul the processes and practices for privacy such as issuing notice and taking consent as per the standards stated. They should establish good data governance mechanisms and adopt technological measures for the security of data including privacy-preserving technologies,” he said.

Vishal Salvi, Chief Executive Officer, Quick Heal Technologies Ltd, said that the rules present a major opportunity for the industry to elevate its data protection and privacy efforts. By mandating stringent actions against personal data leaks, the rules push businesses to go beyond mere compliance and foster trust with their customers. “This is a game-changer because it emphasises accountability at every level,” he said.

The DPDP Act also opens doors to implementing advanced cybersecurity tools like Data Loss Prevention (DLP), AI-powered threat detection, and encryption systems. 

“Cybersecurity is a critical issue, and the DPDP Act makes it clear: you can’t protect privacy without strong cybersecurity controls, and you can’t secure data effectively without respecting privacy. The Act requires data minimisation, explicit consent management, and mandatory breach reporting within tight timeframes. To avoid penalties—up to ₹250 crore—companies need to act now, not just to comply, but to build a secure and privacy-first digital ecosystem,” he said.

Harsha Solanki, VP General Manager (Asia) of Infobip, felt that the companies need to invest in robust data protection measures and take benefit of cutting-edge technologies such as AI, machine learning, and end-to-end encryption to secure customer information.”

“Businesses must address vulnerabilities with a proactive approach, incorporating advanced technologies like AI-powered threat detection, multi-factor authentication, and encryption to secure their data and systems,” she said.

Parag Khurana, Country Manager (India), Barracuda Networks, said that the rules would require organisations to have security measures in place to keep data protected at all times, for example through encryption, robust access and authentication controls, and reliable data backup and recovery.

“It also means having a strong security posture overall so that any unauthorised access is quickly identified, blocked, investigated and remediated. This will require multi-layered, defence-in-depth security solutions that go beyond threat detection and prevention to include proactive threat hunting,” he said.

“With the regulations around data protection getting stringent and more persuasive, there is a need for cybersecurity firms to play a critical role in helping organisations defend and combat data breaches,” Dipesh Kaura, Country Director – India & SAARC, Securonix, said

“To comply with the new security standards and to reduce the risk of data leaks, businesses must implement comprehensive breach readiness and breach response plans, conduct regular security assessments, and ensure alignment with industry frameworks such as ISO/IEC 27001,” he said.