Governance & Risk Management , Privacy , Standards, Regulations & Compliance

Navigating Digital Data Protection Act Project Challenges

Security Experts Help Clarify Confusion Over Consent and Privacy Frameworks
Priya Muku Gora of Axtria and Shivangi Nadkarni of Arrka Consulting

The Digital Personal Data Protection Act in India has introduced many implementation challenges for security practitioners. Two experts - Shivangi Nadkarni, co-founder and CEO at Arrka Consulting, and Priya Muku Gora, GRC lead and DPO at Axtria - shared strategies for successful projects.

See Also: Expert Panel | Data Classification: The Foundation of Cybersecurity Compliance

"There is a great sense of confusion of what needs to be done," Nadkarni said. "There is confusion of whether this is just an add-on to what I am already doing for security. There is also confusion on whether this is something that my legal team should handle."

Most organizations already have security solutions that may need an "extra add-on or tweaking" to incorporate security safeguards, legal requirements and breach notifications.

But organizations will have to start from scratch on "every other aspect of the law, which is, "Collect what you need, use data for the purpose it has been collected, delete data, etc.," Nadkarni said.

On the challenge of consent, Gora said, organizations need a layered approach. "Initially before 2018, we were gearing up for more of security aspects. The journey from on-prem to cloud was common," Gora said. "Then came the idea of protection. Today, as most organizations are adopting the SaaS model, it is no longer about customer data but employee data as well. It starts from having a basic privacy framework in place."

In this video interview with Information Security Media Group, Nadkarni and Gora discussed:

  • Where practitioners should begin their implementation;
  • The ideal skills and qualifications for data protection officers;
  • The benefits of adopting a data privacy framework.

Nadkarni has more than 22 years of experience in information risk and privacy, e-commerce, and networks. She previously led the global application security and identity management practice at Wipro and established India's first licensed certifying authority for digital signatures in collaboration with Sift.

Gora has more than 18 years of experience in information security, compliance and data privacy. Prior to joining Axtria, she served as a senior manager of governance, risk and compliance at Nagarro.

About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.