As India prepares to implement the Draft Rules under the Digital Personal Data Protection Act (DPDP Act), the data privacy and cybersecurity landscape is entering a period of rapid change. With cyber threats growing in volume and complexity, organisations are under increasing pressure to strengthen their data protection measures. In this environment, the role of the Data Protection Officer (DPO) becomes central, not just for compliance, but for risk mitigation and resilience. 

Despite regulatory progress, businesses continue to face significant challenges, including targeted cyberattacks, data breaches, and sophisticated phishing scams. Appointing a DPO can be an effective way for organisations to proactively manage these threats, in partnership with the cyber and tech teams. As the dedicated point of contact for data protection matters, a DPO provides critical oversight, ensuring privacy strategies align with legal requirements and are implemented across the business. Their presence helps organisations navigate incidents more efficiently, strengthen data governance, and build trust with stakeholders.

The broader digital ecosystem is evolving, as India makes important strides in building out its cybersecurity infrastructure to keep pace with digital growth. With 370 million malware attacks recorded in 2024 alone, the urgency to act is clear. The ability to detect and respond to threats quickly is no longer optional. DPOs can play a leading role in embedding cybersecurity best practices into business operations by supporting initiatives such as staff training, incident response planning, and the implementation of privacy operations and documentation. 

Emerging technologies bring new risks  

Generative AI has enabled cybercriminals to craft convincing phishing emails and simulate voices to authorise fraudulent transactions. In response, the DPDP Act has introduced stronger safeguards, including stricter consent requirements, protections for AI training datasets, and penalties of up to USD 30 million for non-compliance. A DPO helps organisations understand and implement these measures, reducing their exposure to penalties and reputational harm. They are also well-positioned to bridge privacy operational gaps by facilitating cross-functional communication and aligning internal policies with global standards and the DPDP framework. 

Embedding the DPO role well before the DPDP Act is enshrined is essential. By guiding compliance, leading incident response efforts, and championing a culture of privacy and security, DPOs can help organisations navigate uncertainty with confidence.

At HewardMills, we support businesses in preparing for and responding to cybersecurity risks. Our team of global data protection and privacy professionals works closely with internal teams to assess readiness, perform audits, and align security practices with regulatory and global standards. As the digital threat landscape evolves, partnering with a dedicated DPO function is not just good practice—it’s a strategic imperative.