The JITO Bangalore South and JPF South team successfully organized an informative webinar on the Digital Personal Data Protection (DPDP) Rules, receiving an enthusiastic response with over 100 members attending the session on 29th January 2026. The Digital Personal Data Protection (DPDP) Act, 2023, is India's first comprehensive legislation regulating the processing of digital personal data, balancing individual privacy rights with lawful data usage. Enacted on August 11, 2023 and will be completely implemented by 2027, it mandates explicit, specific consent for data usage, requires "Data Fiduciaries" to secure data, and imposes penalties up to Rs. 250 crore for breaches.

The session was led by Shri Narasimhan Elangovan, Co-Founder and Cyber Security Practice Leader at InCorp Advisory Services. The session started with a navkar mantra. JITO Bangalore South Chairman Shri Ranjeet Solanki welcomed the participants to the session. He said that in today's world, data is most important for any business and protecting digital data and personal data of customers is crucial.

The speaker, Shri Narasimhan Elangovan, shared valuable insights on the regulatory framework and practical aspects of data protection compliance, drawing from his extensive experience in Cyber Security Audits, Privacy Audits, SOC 2, and IT attestations, and auditing emerging technologies such as Artificial Intelligence (AI), Big Data, and the Internet of Things (IoT). His strong academic background added immense depth and credibility to the session.

He explained, that the Act applies to the processing of digital personal data within India, including data collected offline but digitized, and data processed outside India to offer goods/services to citizens. Key definitions include Data Principal (the individual to whom the personal data relates), Data Fiduciary (the entity that determines the purpose and means of processing), and Significant Data Fiduciary (entities notified by the government based on data volume or risk to electoral democracy/public order). Data Principals have rights such as accessing information about personal data, correction, completion, updation, and erasure, grievance redressal, and nominating someone in case of death or incapacity. Data Fiduciaries must process data only for lawful purposes with explicit consent, notify the Data Protection Board of India and affected individuals in case of a breach, and obtain verifiable parental consent for children's data (under 18). Fines range from Rs. 50 crore to Rs. 250 crore for violations like failing to take security measures or report data breaches. Central government agencies may be exempted from certain provisions for security and public order. The Act is being implemented in phases, with the Data Protection Board of India establishment and initial rules focusing on compliance.

The webinar was hosted by CA Gajesh Bhandari. Also marked their presence were JITO Apex Secretary Shri Sripal Bachawat, JITO Bangalore South Chief Secretary Shri Nitin Lunia, CS Raunak Gulecha, JPF Convener, under the able JPF committee chairman of CA Harikishan and Chief Secretary CA Preksha Bhandari, event Co-convener Shri. Tarun Kumar provided dedicated technical support, ensuring smooth execution of the webinar. The interactive session witnessed active participation and engaging discussions, reaffirming JITO JPF’s commitment to delivering knowledge-driven initiatives for professional development.