Geo Focus: Asia , Geo-Specific , Governance & Risk Management
Indian Firms Struggle to Find a Budget for DPDP Act Prep
Privacy Experts Abha Tiwari and Sunny Athwal Share Their Data Protection JourneyOrganizations in India are ramping up efforts to comply with the new Digital Personal Data Protection Act. But without the law being officially enforced, budget and hiring constraints make it challenging to allocate sufficient resources, said a panel of experts.
See Also: The Biggest & Boldest Data Breaches & Insider Threats of 2023
Another critical hurdle is hiring qualified data fiduciaries who can manage compliance. said Sunny Athwal, chief privacy officer at HCL Technologies. "One of the uncertainties has definitely been who is going to be considered a significant data fiduciary because that is definitely one area of the law has quite a high compliance burden," Athwal said.
Abha Tiwari, data protection officer at Vistara, pointed out the challenges of consent management. "When we look at India, the two bases that we have are legitimate use and consent." But Tiwari added that managing ongoing services that require ongoing consent is complex, "How often do you have to refresh these consents?" This operational complexity creates additional demands on companies struggling with multiple privacy frameworks, she said.
In this panel discussion with Information Security Media Group, Tiwari and Athwal also discussed:
- The impact of global data privacy norms on India's DPDP Act;
- Potential risks and penalties under the DPDP Act for data fiduciaries;
- Strategies for organizations to build adaptable privacy frameworks.
Tiwari, who leads data protection at Vistara, which will soon be Air India, has more than 14 years of experience working as in-house counsel for a major auto manufacturer. She has been invited to be part of the privacy leadership forum of Data Security Council of India. Her profile currently ranges from policy matters to hands-on experience in deploying and executing data privacy framework management at various levels of the organization, while crafting a balance between the applicable privacy laws in different jurisdictions.
Athwal, part of the risk and compliance leadership group, serves as chief privacy officer and leads the global privacy office and the strategic partner for the European region at HCLTech. She also manages the regulatory risk program responsible for deploying industry best practices and procedures to ensure compliance with applicable laws.