India Boosts Data Governance with DPDP Act

DPDP Act: A Pillar for Strengthened Data Governance in India

In an age dominated by digital connectivity, the safeguarding of personal data has emerged as a pressing necessity. With cyber threats and data breaches becoming increasingly sophisticated, India has taken a decisive step through the Digital Personal Data Protection (DPDP) Act, a law designed to protect everything from individual health and financial data to information tied to national defence.

In an open interview, Sanjay Kumar Panda, Deputy Director General (DDG) at the Department for Promotion of Industry and Internal Trade (DPIIT), Government of India, discusses with Elets News Network (ENN) how the DPDP Act affects India’s stance on privacy, transparency, and digital governance. Here are key excerpts from the interaction:

Why India Needs the DPDP Act Now More Than Ever

The introduction of the DPDP Act couldn’t have been timelier. According to Panda, data concerning an individual’s health conditions, financial status, and defence affairs—including classified military information—is too critical to be left unguarded. He emphasised that these forms of data are highly sensitive, and without robust legal protection, the risks are immense.

“Whether it’s personal health records or strategic defence information, data in today’s environment must be protected through well-defined frameworks. That’s where the DPDP Act steps in—it forms the cornerstone of our legal infrastructure around data security,” he noted.

Despite this progress, Panda acknowledged that effective implementation remains challenging. “Building multi-layered, secure systems that can withstand cyber intrusions is not easy. We are working toward improving these frameworks, but the complexities involved make it a continuous task,” he said.

How Technology Aids in National Data Security

Drawing from his own experience at the Army Headquarters, Panda elaborated on how techniques like cryptography and data masking have long been used in defence settings to ensure secure communication. These methods ensure that even if data is intercepted, it remains inaccessible without proper authorisation.

With the increasing shift toward cloud-based infrastructure, Panda highlighted the growing reliance on private and hybrid cloud environments. “Private clouds are especially suited for handling sensitive information because they restrict access and maintain strict control. For defence data, this level of security is non-negotiable,” he explained.

The DPDP Act also supports this technological evolution by clearly outlining boundaries: while personal data can be used for research or statistical purposes under strict conditions, it cannot be freely accessed. “You can’t allow public access to someone’s medical records or information about nuclear projects. That’s not just about privacy—it’s about national safety,” he remarked.

One of the Act’s notable strengths, according to Panda, lies in how it complements other key laws such as the Right to Information (RTI) Act and the Aadhaar Act. While RTI encourages open governance and Aadhaar provides an identity framework, the DPDP Act ensures that personal information is not compromised in the process.

“The aim is to strike a balance,” Panda said. “RTI upholds transparency, but DPDP insists on privacy. Similarly, Aadhaar needs to evolve with current data protection norms, especially in terms of user consent and limiting data collection.”

Panda revealed that the government is actively working to align these frameworks to create a unified, rights-based data governance model. This will not only protect citizens’ personal freedoms but also strengthen India’s digital economy and democratic values.

Protecting the Nation While Respecting the Individual

At its core, the DPDP Act seeks to uphold both individual privacy and national interests. It restricts the collection and processing of personal data to specific, necessary contexts—ensuring that consent is always sought and data use is justified.

“Security does not have to come at the cost of privacy,” Panda asserted. “The Act ensures that sensitive information—particularly relating to strategic operations and national defence—remains inaccessible to unauthorised persons. But at the same time, it enforces clear rules around how personal data should be collected, stored, and used.”

The DPDP Act, therefore, is not just a legal instrument—it’s a foundational step toward building public trust, ensuring accountability, and preparing India for the next phase of digital transformation.
