In today’s data-driven world, where privacy and governance shape the foundation of trust, Dr. Raghuveer Kaur stands out as a leader who has successfully bridged academia and corporate practice. With a Ph.D. from IIT Roorkee and global certifications like ISO 27001 Lead Implementer and PECB DPO, she brings both academic rigor and practical execution into the privacy space. Over the years, she has worked across India and Singapore, leading data protection, governance, and compliance programs that align business growth with regulatory clarity.
Who is Dr. Raghuveer Kaur?
Dr. Raghuveer Kaur is the Data Protection Officer (DPO) at Cateina Technologies and has also served as DPO & GRC Lead at Starfish Digital (Singapore). Her career journey began in academia, where she built her foundation in research and teaching before moving into the corporate world of privacy and GRC. She specializes in GDPR, Singapore’s PDPA, and India’s DPDPA, and has led organizations through ISO 27001 certifications, privacy governance frameworks, and breach readiness programs. Recognized among India’s Top 30 DPOs, she is widely respected for embedding privacy as a culture rather than just a compliance checkbox.
Q1. Dr. Raghuveer, you’ve moved from Academia into corporate leadership in privacy and GRC. What sparked that shift, and how would you describe your journey so far?
Raghuveer: My journey began in academia where I was deeply focused on research, knowledge-building, and teaching. Over time, I realized that while theory shapes understanding, its greatest impact comes when applied to real-world challenges. The shift to corporate leadership in privacy and GRC happened by chance. I was in the product development team for a Singapore based project where Privacy and regulations became integral and that’s how I entered Privacy and GRC domain.The journey so far has been both rewarding and humbling: academia gave me depth, while the corporate world has given me breadth, agility, and the ability to drive tangible change.
Q2. What do you like most about DPDPA?
Raghuveer: DPDPA is clear and simple. Unlike some global laws that can be overly dense, the DPDPA takes a pragmatic approach, ensuring organizations of all sizes can understand and implement it. I also appreciate how it emphasizes individual rights while encouraging digital innovation, striking a balance between protection and progress, a much-needed stance in India’s rapidly digitizing economy.
Q3. What do you dislike most about DPDPA?
Raghuveer: There are a few on my list. Like the delays in full rules and applicability, the a lack of sector-specific guidance. Given India’s diverse industries from fintech to healthcare to manufacturing more tailored implementation frameworks will be necessary. Additionally, the absence of a strong emphasis on concepts like “privacy by design” could slow down the cultural shift towards embedding privacy into product lifecycles.
Q4. You work with GDPR, PDPA, and now India’s DPDPA. From your perspective, what makes the DPDPA unique in its approach?
Raghuveer: The DPDPA is unique in its India-first orientation. It is not a direct transplant of GDPR but rather a framework designed to suit India’s digital and economic context. Its risk-based compliance model, emphasis on consent as the cornerstone of processing, and graded penalties are aligned with encouraging digital adoption while maintaining accountability. It is consent-focused like Singapore’s PDPA. While GDPR speaks about expansive extraterritorial scope, the DPDPA is lean and implementation-friendly, which makes it more accessible to organizations starting their privacy journey. This balance of practicality, scalability, and user empowerment sets it apart.
Q5. At Cateina Technologies, you’ve been leading as a DPO for nearly four years. What has been your proudest achievement in shaping the organization’s privacy posture?
Raghuveer: My proudest achievement has been embedding privacy into Cateina’s DNA. We built a mature governance framework with PbE in our approach, breach readiness, and training. We achieved ISO 27001 certification and made our API platform FAPI-compliant. Today, privacy is not just policy; it’s something our teams practice “every day”.
Q6. What lessons from leading data protection in Singapore’s regulatory ecosystem do you think are most relevant to India’s new DPDPA era?
Raghuveer: From my experience in Singapore, one big lesson is the importance of practical, industry-friendly implementation. The PDPA there was successful because the regulator worked closely with businesses through sandboxes, sectoral guidance, and a strong focus on awareness-building. Another lesson is around embedding accountability: organizations were encouraged to go beyond just “ticking compliance boxes” and instead build trust through privacy governance frameworks. For India, these two elements of collaboration with industry and building a culture of accountability will be key in making the DPDPA not just a law on paper but a driver of digital trust in practice.
Q7. Do you see RBI, SEBI, and IRDAI requirements conflicting with DPDPA, or do they complement each other in India’s compliance ecosystem?
Raghuveer: I see them as complementary layers rather than conflicting mandates. RBI, SEBI, and IRDAI have long focused on sector-specific priorities like financial stability, investor protection, and policyholder security. The DPDPA, on the other hand, introduces a horizontal framework centered on individual rights, consent, and accountability. The overlap is natural, but not necessarily problematic; what’s needed is regulatory harmonization to align areas like consent management, retention, and breach reporting. If that alignment is achieved, India’s compliance ecosystem will be stronger, more consistent, and easier for organizations to operationalize.
Q8. You hold advanced certifications (ISO 27001 Lead Implementer, CIPT, PECB DPO, PrivacyOps). Which has been most transformative for your career?
Raghuveer: Ans. PECB DPO course has helped me immensely as it is largely GDPR focused. But a large part of my learning came from the project I was working on. It required learning and implementing ISO27001 which will always be relevant, despite what regulations come into force. A ton of free resources from OneTrust, Securiti etc also helped me.
Q9. It’s always interesting to ask this question: if you had the chance to improve one aspect of the DPDPA by drawing from global best practices, what would you focus on and why?
Raghuveer: I’d focus on clear sector-specific guidance and regulatory sandboxes. In Singapore, these helped banks, healthcare firms, and startups test real solutions without fear of penalties, while still aligning with the law. If India’s DPDPA adopts this approach, it will make compliance more practical and help organizations move from theory to implementation faster.
Q10. One question we love asking every expert is about the next generation: as a privacy leader, what guidance would you share with young professionals who are eager to shape their careers around the DPDPA?
Raghuveer: Read a lot of things and understand them, especially the intersection of technology and Law. Privacy sits at the intersection of law and technology. Learn from real use cases whether it’s consent management, cross-border transfers, or AI ethics. The goal is to design trust into every product and service, and if you stay adaptable, you’ll always stay relevant.
Closing Summary
As India embraces the DPDPA, Dr. Raghuveer Kaur’s work demonstrates how global best practices can be tailored to India’s digital economy. She emphasizes the importance of collaboration between regulators and businesses, sector-specific guidance, and building trust through privacy-by-design. Her journey reflects adaptability and foresight, showing how theory from academia, when applied in practice, can drive real-world impact. For young professionals entering the field, her advice is simple yet powerful: stay curious, read widely, and learn to design trust into every system.
