New DPDP rules redefine India’s cyber governance, industry leaders say

New Delhi: The enforcement of the Digital Personal Data Protection (DPDP) Rules, 2025 marks a defining shift in India’s cybersecurity landscape, positioning data protection and governance as critical business imperatives rather than compliance formalities, says industry experts.

Ahead of the CyberSec India Conference 2026, industry leaders highlighted that as organisations adapt to a more stringent regulatory environment, there is an increasing focus on measurable accountability, board-level oversight, and resilience against evolving cyber threats.

The second edition of the CyberSec India Conference 2026, co-located with CyberSec India Expo 2026, will be held on April 23–24, 2026 at the Bombay Exhibition Centre (BEC), Mumbai, bringing together policymakers, industry leaders, and cybersecurity experts to deliberate on the future of India’s digital defence ecosystem.

.Decisive governance behind India’s cybersecurity transformation. "The activation of the DPDP Rules, 2025 marks a significant shift from awareness to accountability in India’s cybersecurity ecosystem, as data protection and security obligations become enforceable and organizations must demonstrate board level governance, breach preparedness, and rights centric data protection," Shyamkumar Nair, Regional Chief Security Officer, South Asia, Mastercard.

"With a workforce of around 650,000 cybersecurity professionals, India is steadily positioning itself as a global hub for cyber talent and innovation,” he said.

Sharing his perspective on the regulatory landscape, Dr Lalit Gupta, President, Cyber Security Council of India and Advisory Board Member, CyberSec India 2026, said, “The activation of India’s Digital Personal Data Protection (DPDP) Rules marks a decisive shift in the country’s cybersecurity journey - moving from awareness-driven compliance to enforceable accountability."

"Organisations will now be required to demonstrate strong governance frameworks, robust risk management practices, and clearly defined breach response mechanisms, rather than merely stating their intent to protect data."

Leading cyber security experts will share industry perspective and insights during CyberSec India Conference 2026, said the statement.

New DPDP rules redefine India’s cyber governance, industry leaders say

Follow us on :

Follow Us