The average cost of a data breach in India reached ₹17.9 crore in 2023, an all-time high and an almost 28% increase since 2020, according to a 3rd Party Data Breach Report. At nearly 22%, the most common attack type in India was phishing, followed by stolen or compromised credentials (16%).

Amidst this alarming landscape, Sister Nivedita University (SNU) and Infosec Foundation organised a seminar titled ‘Data Privacy & Beyond’ at Techno India Centre of Excellence in Salt Lake, Kolkata, to understand the gravity of data privacy. With subject matter experts, the idea was to decode the present DPDP Bill in India and its correlation with global norms, impacts, benefits and consequences.

After the welcome addresses by Sushobhan Mukherjee, Chairman, Infosec Foundation, and Ina Bose, Director, Industry Relations, SNU, Supratim Chakraborty, Partner, Corporate and M&A Practice Group, Khaitan & Co, delivered the keynote address on ‘Decoding DPDP Bill 2023’. It was followed by the panel discussions on ‘Data Privacy Concerns & Roadmap in Enterprises’, where Avijit Patra, PWC & CSA Kolkata Chapter; Shomak Som, LT Mindtree; Anupam Agarwal, TCS; and Tathagata Datta, Ex-Additional Director, National Critical Information Infrastructure Protection Centre (NCIIPC), GOI, were present.

In August 2023, the Lok Sabha and Rajya Sabha passed the ‘Digital Personal Data Protection Bill-2023’, aiming to establish the country’s primary privacy law for digital personal data. The bill aims to balance individual data rights with organisational data processing needs, replacing existing data protection laws enforced through the IT Act, 2000.

The intent is to regulate the processing of digital personal data in a manner that respects individuals’ right to safeguard their personal information while also acknowledging the legitimate purposes for data processing.

A few key takeaways were as follows:

- Familiarise yourself with the law

- Conduct a comprehensive data inventory using data discovery techniques

- Develop mechanisms to provide notices to data principals for personal data collected previously and going forward

- Implement a consent management mechanism to collect, maintain, track, and update consent from individuals

- Establish and maintain reasonable technical and organisational security measures to protect personal data

- Conduct a gap assessment to evaluate readiness for the bill

- Prepare and deploy mechanisms to respond to data principal rights requests

- Monitor changes or updates to data protection laws and regulations

The event witnessed participation from industry stakeholders, including CIOs, CISOs, IT heads and other decision-makers from various enterprises.