/newsdrum-in/media/agency_attachments/2025/01/29/2025-01-29t072616888z-nd_logo_white-200-niraj-sharma.jpg){kind=logo}
/newsdrum-in/media/member_avatars/9Rj3p38eDEeibqzKtTLR.jpg )
Follow UsNew Delhi, Nov 14 (PTI) IT industry bodies Nasscom and Data Security Council of India (DSCI) on Friday underlined the critical importance of implementing the Digital Personal Data Protection Rules, 2025, practically and proportionately, calling for a balanced approach that supports innovation and growth in India's digital economy.
While the institutions acknowledged the clarity brought by the new rules, they stressed that operationalising the framework effectively is the next major challenge for industry stakeholders.
"With the Rules now in force, the industry has a clearer and more actionable roadmap. Our focus now moves to supporting implementation in a manner that is practical, proportionate and aligned with the objectives of the law," Nasscom and DSCI said in a joint statement.
The government notified the much-anticipated Digital Personal Data Protection Rules 2025 on Friday, with phased implementation scheduled over 12-18 months.
These rules are aimed at empowering citizens by giving them greater control over their personal data, enabling them to monitor for misuse and safeguard their privacy online.
While certain provisions will take effect immediately, key requirements -- such as the registration and responsibilities of consent managers, the obligation for data fiduciaries to issue notices before processing personal data, and other major norms -- will be rolled out gradually.
Nasscom and DSCI commended the Ministry of Electronics and Information Technology for adopting a "constructive, consultative approach" throughout the drafting process, and said the final rules largely preserve the structure and policy choices of the draft framework, while introducing a transparent and predictable phased commencement schedule.
The sections addressing data processing by the government remain broadly consistent with the draft, with refined drafting that improves readability without altering the underlying intent.
“At the same time, it is important to recognise that certain matters raised by industry during consultation arise from the architecture of the Act itself and could not realistically be addressed through subordinate legislation. These include the overarching structure of parental consent, the statutory age threshold for children and the requirement that all personal data breaches be notified,” it noted.
Wipro said that India has entered a new era of privacy.
"In the age of AI, trust is crucial. And because AI depends on large volumes of data, strong privacy protections must come first," Ivana Bartoletti, Chief Privacy and AI Governance Officer, Wipro Ltd, said.
The DPDP rules marks an important step in strengthening India's digital ecosystem and aligns closely with the country's recent AI governance guidelines, Bartoletti added.
Robust data governance, anchored in clear responsibilities, defined structures, consent and privacy by design, allows organisations to grow in a sustainable and accountable manner.
"It is the foundation for the public confidence that citizens and consumers need, as innovation accelerates and technology becomes ever more embedded in daily life," the Wipro senior executive added.
Nasscom represents India's USD 283 billion technology industry, with 3,000+ member companies. DSCI, an initiative of Nasscom, focuses on data protection, cybersecurity, and privacy. PTI ANK MBI TRB