The evolving digital landscape in India is witnessing a paradigm shift with the introduction of the Digital Personal Data Protection (DPDP) Act. This landmark legislation places a strong emphasis on accountability, transparency, and user empowerment, bringing India closer to global data privacy standards such as the GDPR. To explore the implications of this act and its transformative impact on businesses, we spoke with Madhusudan Krishnapuram, Vice President – Product & Engineering and Managing Director at GoTo India.
In this exclusive interview with Tech Achieve Media, Madhusudan sheds light on how the DPDP Act is reshaping data privacy practices across sectors like BFSI, healthcare, education, and manufacturing. He also discusses how organizations can align Governance, Risk, and Compliance (GRC) frameworks with operational goals, address emerging challenges brought by technologies like Generative AI, and balance customer trust with innovation. Madhusudan emphasizes the importance of collaboration between private organizations and government bodies in strengthening India’s data privacy ecosystem, paving the way for a secure and innovation-driven future.
TAM: How is the Digital Personal Data Protection Act (DPDP) reshaping data privacy practices in India, and what are its implications for businesses across sectors?
Madhusudan Krishnapuram: The Digital Personal Data Protection Act (DPDP) marks a pivotal shift in India’s approach to data privacy, emphasizing accountability, transparency, and user empowerment. By focusing on protecting personal data and ensuring its lawful processing, the DPDP aligns India with global standards like GDPR, reinforcing trust in a digital-first economy.
For businesses across manufacturing, healthcare, BFSI, education, and BPO/BPeS sectors the act mandates a robust reevaluation of data practices. Key obligations, such as obtaining explicit consent, appointing Data Protection Officers (DPOs), and implementing stringent data security measures, necessitate a proactive stance toward compliance. Businesses must now prioritize data minimization, purpose limitation, and secure cross-border data flows, transforming privacy into a core operational priority rather than a compliance afterthought.
Organizations can navigate the DPDP landscape more effectively by adopting solutions that empower them to securely manage data lifecycle processes, streamline compliance workflows, and strengthen customer trust. For instance, in sectors like BFSI and healthcare, advanced systems enable encrypted communication and secure storage of sensitive data, ensuring regulatory compliance while maintaining operational efficiency.
TAM: In the evolving regulatory landscape, how can organizations integrate Governance, Risk, and Compliance (GRC) frameworks to ensure seamless adherence to the DPDP while maintaining operational efficiency?
Madhusudan Krishnapuram: Navigating compliance with the Digital Personal Data Protection (DPDP) Act in today’s dynamic digital environment demands a strategic approach that aligns Governance, Risk, and Compliance (GRC) frameworks with organizational goals.
One effective strategy is to deploy automated compliance monitoring tools that integrate seamlessly with existing infrastructure. These tools ensure real-time policy enforcement without hindering operational efficiency. Equally important is establishing a unified data governance framework to streamline data classification, enforce access controls, and maintain comprehensive audit trails across all communication channels and IT support systems.
Adopting cloud-native solutions with built-in compliance features further enhances this approach. These solutions automate critical processes such as Data Protection Impact Assessments (DPIAs), implement standardized incident response protocols, and provide centralized compliance dashboards for complete visibility. By reducing manual effort organizations can enhance productivity while ensuring robust compliance.
TAM: With the advent of Generative AI and other emerging technologies, what new data privacy challenges are businesses in India facing, and how can they proactively address these issues?
Madhusudan Krishnapuram: The rise of Generative AI and emerging technologies has introduced complex data privacy challenges for businesses in India. Key challenges include protecting sensitive data used in AI training, ensuring transparency in automated decision-making processes, and maintaining data sovereignty when utilizing cloud-based AI solutions. Organizations must also address the risk of unintended data exposure through AI-generated outputs and the potential for privacy breaches in collaborative AI environments.
Also read: Importance of Data Protection with the Advent of AI
To address these challenges proactively, robust AI governance frameworks should be implemented that include data minimization principles, strict access controls, and regular privacy impact assessments. Organizations should adopt privacy-preserving AI techniques such as federated learning and differential privacy where applicable.
Establish clear policies for AI model training, implement strong encryption for data in transit and at rest, and maintain detailed audit trails of AI interactions with sensitive data. Regular employee training on AI privacy implications and updated incident response plans that account for AI-specific scenarios are also crucial.
TAM: How can Indian organizations balance customer trust, compliance requirements, and technological innovation while safeguarding sensitive data in a globalized digital ecosystem?
Madhusudan Krishnapuram: As Indian organizations navigate the complexities of the digital landscape, striking the right balance between customer trust, regulatory compliance, and innovation is essential. The key to achieving this balance lies in adopting a “security-first” approach to innovation. By leveraging solutions such as zero-trust architecture, end-to-end encryption, and granular access controls, businesses can pursue innovation while ensuring robust data protection.
Organizations that treat compliance as a foundation for building customer trust are the most successful. Transparent data handling practices, strong data localization efforts, and empowering customers with control over their data through self-service options are key to this approach. Investing in flexible compliance technologies that cater to both regulatory needs and innovation is essential. Solutions such as automated compliance monitoring, AI-powered security tools, and cloud-native platforms with integrated compliance features can streamline this process.
TAM: What role do industry leaders see for collaborative efforts between private organizations and government bodies in strengthening India’s data privacy framework in the coming years?
Madhusudan Krishnapuram: Public-private collaboration is fundamental to strengthening India’s data privacy landscape. The complexity of today’s digital ecosystem demands a unified approach where industry expertise meets regulatory oversight. A collaborative framework where private organizations contribute their technological insights and practical implementation experience to help shape effective privacy regulations. This partnership can bridge the gap between regulatory requirements and operational realities, particularly in areas of AI and emerging technologies. Industry leaders should actively participate in government consultations, share best practices, and provide real-world feedback on implementation challenges. This collaborative approach can help develop practical guidelines that protect consumer interests while fostering innovation. For instance, joint initiatives in areas like cybersecurity threat intelligence sharing, privacy-enhancing technologies, and standardized compliance frameworks can significantly strengthen the overall privacy ecosystem.