Challenges of the DPDP Act Discussed at CyberSec India Roundtable

Bengaluru, November 28, 2025: Media Fusion and heise medien GmbH & Co. KG recently hosted an exclusive precursor leadership roundtable for the cybersecurity industry in Bengaluru, uniting senior Chief Information Security Officers (CISOs), Data Protection Officers (DPOs), cybersecurity strategists, technology leaders, and policy influencers. The gathering served as a timely prelude to the upcoming CyberSec India Expo 2026, which is set to take place on April 23–24, 2026, at the Bombay Exhibition Centre, Mumbai. This notable event is anticipated to attract high-profile attendees from government bodies, defense programs, global tech giants, consulting powerhouses, policy think tanks, and major enterprises across various sectors. With over 3,200 cyberattacks per week targeting Indian enterprises, the urgency of establishing robust cyber resilience has never been more pressing, cementing India’s status as one of the most targeted nations for cybercriminals.

The closed-door roundtable took on the theme, “Bridging the CISO–DPO Divide: Shared Accountability under the DPDP Act,” which emphasized the critical need for expanded collaboration between cybersecurity and data privacy leadership in light of significantly evolving regulatory expectations. The recent enactment of the Digital Personal Data Protection (DPDP) Act has revamped governance structures, redefining accountability for organizations managing personal data. Insights from industry research revealed that over 60% of Indian enterprises are currently unsure about how to implement compliance frameworks that align with the DPDP, while nearly 50% face major obstacles due to talent shortages. These statistics underscore the critical need for cohesive execution models uniting CISOs and DPOs.

Prominent figures in the industry graced the roundtable, including luminaries such as Mr. Srinjoy Banerjee, Mr. Ramesh Venkateaman, Dr. Lopa Basuu, Mr. Sandeep Rao, and Mr. Joerg Muehle, along with representatives from leading organizations like McAfee, Indian Railways, Persistent Systems, Carl Zeiss, Unilever, Nexusnow.ai, LexOrbis, and others. This assembly created an invaluable space for dialogue and insight-sharing among key stakeholders.

Deliberations revolved around pivotal questions regarding whether the DPDP Act will emerge as a transformative dealmaker in establishing unified privacy-security governance or possibly become a deal-breaker if operational roles and processes remain disjointed. Participants emphasized the necessity of immediate implementation priorities, privacy-by-design and security-by-design strategies, readiness for responsible AI regulation, and cross-sector data protection. They also discussed the significance of aligning with global standards for interoperability in security and privacy.

Mr. Raghavendra Deshpande, AGM Global Business Enterprises at Reliance Communications Limited, voiced concerns that “AI-driven threats and agentic AI will require CISOs and DPOs to adopt new security frameworks to protect both AI systems and sensitive data.” He highlighted that fragmented global regulations, alongside potential fines reaching up to 10% of global revenues, will necessitate robust governance and improved risk management. He also pointed out that the escalating attacks on critical infrastructure, compounded by geopolitical tensions, are expanding the landscape of cyber threats, making resilience paramount. Mr. Deshpande underscored the evolving roles of CISOs and DPOs, stating, “CISOs are now evolving into Chief Resilience Officers.”

Mr. Hariharan R., Head of Global Consumer Services at McAfee, stressed the urgency for stronger data governance and more transparent consent management processes in response to the DPDP Act. He identified challenges that will arise with the rapid adoption of AI, such as managing AI hallucinations, enhancing governance, and balancing automation with essential human oversight. His emphasis on collaboration among cybersecurity, privacy, and technology teams underscores the critical nature of leading these initiatives smoothly and securely.

Ramesh Venkatraman, Hon. Director at FDPPI and Portfolio Manager for QMS/ISMS at Carl Zeiss, pointed out that 2026 will see enterprises grappling with multidimensional cybersecurity challenges driven not just by advancements in AI and machine learning, but also by an increasingly complex global regulatory landscape affecting more than 140 countries. He argued that cybersecurity must no longer be the sole responsibility of specialized teams, but rather a mindset adopted by every employee. Ramesh iterated the significance of events like CyberSec India Expo in fostering national cyber resilience, promoting collaboration, and raising awareness across the industry.

Dr. Anup Dayananda Sadhu, CISO of Indian Railways, underscored the crucial responsibility organizations like his have in safeguarding vast amounts of personal data. He indicated a commitment to implementing the DPDP Act within the next 18 months and emphasized that initiatives like the CyberSec India Expo are essential for raising cybersecurity awareness particularly within government organizations. He urged that keeping pace with evolving regulations and increasing data exposure must be prioritized.

The discussion also highlighted a concerning 30–50% talent shortfall in cybersecurity and privacy roles across India. As organizations allocate increased investment into their governance infrastructure, leaders discussed the importance of coordinated workforce development, capability acceleration, and establishing shared accountability frameworks as key next steps moving forward.

As anticipation builds for the CyberSec India Expo 2026, which promises a robust agenda featuring an exclusive two-day conference, advanced workshops, policy forums, hands-on technology demonstrations, and unified exhibitor zones, the precursor roundtable has decisively positioned itself as a strategic platform for aligning priorities, exchanging actionable insights, and enhancing India’s preparedness against the backdrop of escalating cyber threats and heightened regulatory complexity.

Post Views: 56