Navigating DPDPA in Banking

Compliance, Impact, and AI-Powered Strategies for Futureproofing

As the data protection regulations have become a global priority, India’s regulatory environment also achieved an important milestone by enacting Digital Personal Data Protection Act (DPDPA), 2023 and releasing of the draft DPDP Rules, 2025 to safeguard individual’s personal data and privacy rights.

As we move forward, enforcement and compliance with the new data protection regulations will have an enormous impact, particularly on banks who are the custodian of huge volume of financial and personal data. For banks, complying with DPDPA will not be a matter of legal compliance but will be an existential imperative in an environment where privacy needs to be a core part of the business and operational processes.

At Protiviti, leveraging our expertise in privacy and data protection, we delve into the implications of DPDPA for banks, decoding its intersection with sectoral regulations provided by RBI and SEBI, the operational and technological shifts required, and how institutions can futureproof their data privacy strategy to ensure compliance, resilience, and trust in the digital age.

Drawing from the State of Data Privacy in India – Survey Report, where the banking sector emerged as the most represented industry, the following insights highlight key readiness gaps and challenges—establishing a baseline as we explore the path forward.