Top 10 operational impacts of India’s DPDPA – Data breaches

This article is part of a series that explores components of the DPDPA.

India's need for tighter cybersecurity has been growing with increasing digitization and connectivity, both locally and globally. While India's government has taken steps to enhance cybersecurity measures through policies and regulations, there has been a rapid surge in cyber incidents, including ransomware attacks, phishing schemes and data breaches.

In 2022, the Indian Computer Emergency Response Team, the national agency tasked with performing various functions around cybersecurity, issued directions related to information security practices, procedures, and the prevention, response and reporting of cyber incidents.

Since then, the government's initiatives have shifted toward regulating data fiduciaries and imposing higher penalties on them, recognizing their crucial influence on managing the flow of personal data — rather than primarily focusing on preventing cybersecurity incidents.

Prevention versus cure

India's Digital Personal Data Protection Act defines a personal data breach as "any unauthorized processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data."