Government Regulations, Data Security

India’s DPDP Act: implications for cybersecurity landscape


India's Digital Personal Data Protection (DPDP) Act of 2023 is poised to have a significant impact on cybersecurity practices, with the expected notification of DPDP Rules around September 28, 2025, as reported by The Cyber Express.

The DPDP Act introduces strict measures for breach handling, consent governance, and the establishment of the Data Protection Board (DPB). Notably, the Act allows for substantial penalties of up to ₹250 crore (about US$28 million) for severe data breaches resulting from lapses in implementing security safeguards. The Act also outlines the process for appeals, with orders from the Board appealable to the Telecom Disputes Settlement and Appellate Tribunal (TDSAT). Additionally, the Act mandates prompt breach notifications to both the DPB and affected individuals, aligning with CERT-In's existing reporting requirements.

Implementing the DPDP Act will require organizations to enhance their cybersecurity measures, including continuous breach detection, pre-approved communication templates, and robust evidence capture capabilities. Consent managers will play a crucial role in managing user consents across multiple data fiduciaries, emphasizing the need for verifiable and portable consent mechanisms. As the Act's provisions phase in, entities designated as Significant Data Fiduciaries will face additional responsibilities, such as conducting Data Protection Impact Assessments (DPIAs) and maintaining enhanced grievance processes.

Source: The Cyber Express
