CII-Tata Communication Centre for Digital Transformation and Protiviti Member Firm for India, a global consulting firm, had jointly collaborated to release a comprehensive survey report titled the "State of Data Privacy in India" during the Conference on Data Privacy: Navigating the Future of Data Protection on Friday, 30th August 2024.
This report marked one of the first comprehensive studies following the enactment of the Digital Personal Data Protection (DPDP) Act, 2023, offering critical insights into data privacy practices, challenges, and perceptions across organisations in India.
Dr Prasad Patibandla had remarked that, "The 'State of Data Privacy in India' survey report, launched today by the Confederation of Indian Industry (CII) and Protiviti, represents a pivotal step in India's digital evolution. Released at a crucial juncture following the enactment of the DPDP Act, 2023, the report offers a detailed overview of the current data privacy landscape in the country. India's data privacy laws have seen significant progress, beginning with the Information Technology Act of 2000, which laid the foundation for data protection. As the demand for comprehensive privacy regulations grew, the Data Protection Bill 2019 was introduced. The Digital Personal Data Protection (DPDP) Act marks a key milestone, emphasising critical aspects such as user consent, data minimisation, and accountability. By addressing individual rights and organisational duties, the DPDP Act supports strong data privacy practices in the digital era."
The report highlighted how companies had been navigating the complex landscape of data privacy, drawing attention to both their successes and the challenges they had encountered. It provided organisations with the guidance needed to align with best practices and regulatory requirements while maintaining the trust of their stakeholders.
At the event, Dr Shuktij Singh Rao, Executive Director at CII Digital, stated, "We are at a pivotal moment in the digital era where data privacy is not just a regulatory requirement but a fundamental aspect for building market equity. With the enactment of the DPDP Act, 2023, the country continues to navigate the digital transformation journey. I am confident that insights from this report will serve as a crucial resource for decision-makers and privacy professionals for advancing data privacy in India."
Commenting on the report’s significance, Sandeep Gupta, Managing Director at Protiviti, said, "While at an overall measure we are moving up the data privacy scale, there remain substantive concerns on transparency, with 82% of survey participants believing that companies are either not fully transparent or only partially transparent in their data handling practices. This highlights the need for stronger privacy governance, resource allocation, and technology adoption to navigate the evolving data privacy landscape."
Amit Sinha Roy, Vice President and Global Head of Strategic Alliances at Tata Communications, added, "The report goes beyond presenting findings, by providing actionable recommendations for organisations to enhance their data privacy posture. These are designed to help decision-makers, privacy professionals, and stakeholders take proactive steps to advance data privacy practices within their organisations."
The survey had collected responses from over 240 organisations across various industries, gathering insights from senior management, middle management, and operational staff. It had addressed key aspects of data privacy, including perception and awareness, key drivers influencing privacy, privacy governance, privacy program maturity, and the adoption of technology.
The Conference on Data Privacy: Navigating the Future of Data Protection had brought together prominent stakeholders from the industry, who deliberated on the challenges and implementation needs. Topics discussed included building digital trust with consumers, the role of privacy-enhancing technologies for compliance, the impact of privacy on emerging technologies (AI, IoT, 5G, AR/VR), and privacy by design, which focuses on integrating privacy into the development and operation of IT systems and business practices.