The Digital Personal Data Protection (DPDP) Act, 2023 will play a pivotal role in strengthening citizen confidence in digital services and positioning India as a globally trusted digital economy, S. Krishnan, Secretary, Ministry of Electronics and Information Technology (MeitY), said on Saturday.
Speaking at the Digital Autonomy 2026 conference organised by Data SafeGuard India International Center in New Delhi, Krishnan said the DPDP Act strikes a careful balance between protecting individual rights and enabling responsible, data-driven innovation. With artificial intelligence increasingly shaping economic and governance models, he noted that India has a unique opportunity to build “trusted growth” anchored in strong data protection norms.
Krishnan highlighted that India’s expansive digital public infrastructure—such as Aadhaar and the Unified Payments Interface (UPI)—demands a robust and future-ready personal data protection framework that places citizens at the centre of the digital economy. The government, he said, is working aggressively to operationalise the DPDP Act, ensuring that trust becomes the foundation of India’s digital transformation.
Emphasising the consultative nature of the law-making process, Krishnan said the DPDP Rules were not rushed. “There was rigour at every stage. We consulted widely, and the draft rules alone received nearly 6,000 comments, reflecting deep stakeholder engagement,” he noted.
The initial provisions under the DPDP Rules, notified by the IT Ministry in November 2025, have already laid the groundwork for implementation. These include the establishment of the Digital Data Protection Board of India, designation of the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) as the appellate authority, and a structured penalty framework.
Describing the DPDP Act as principle-based and technology-agnostic, Krishnan said it is aligned with global best practices while remaining rooted in India’s socioeconomic and institutional realities. The law provides a comprehensive set of rights to individuals, including the right to access personal data, seek correction and erasure, exercise the right to be forgotten, lodge grievances, and nominate a representative to exercise rights in case of death or incapacity.
For enterprises and organisations, Krishnan said the Act necessitates a fundamental shift in mindset—from compliance as a checkbox exercise to embedding privacy by design and privacy by default into business processes. Institutionalising grievance redressal mechanisms and integrating privacy into organisational workflows, he added, are critical for effective implementation. “The responsibility of implementation is shared between the government, industry, and the wider digital ecosystem,” he said.
The Centre is currently focused on operationalising the Data Protection Board, building capacity across ministries, public sector undertakings, and state governments. At the same time, private and public organisations must invest in skilled personnel, data governance processes, and appropriate technologies, along with sector-specific adoption models.
Recognising the concerns of smaller businesses, Krishnan said the government is keen to support MSMEs and startups through affordable and scalable compliance solutions, ensuring that regulation does not become a barrier to innovation. Indigenous technology, he stressed, remains a cornerstone of India’s digital strategy.
Homegrown privacy-enhancing technologies—such as automation and AI-driven governance tools—can significantly reduce compliance costs, improve auditability, and strengthen national digital resilience, the IT Ministry believes. “This aligns with our broader vision of building globally respected digital products from India—not just for India, but for the world,” Krishnan concluded.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
