Blog
Login
Mumbai: The Bombay Chamber of Commerce and Industry, through its Legal & IPR Committee, convened a high‑level webinar on the Digital Personal Data Protection (DPDP) Act and the newly notified rules. The programme brought together leading legal experts and industry representatives to explore the legislation’s wide‑ranging impact and to share practical insights on how businesses can adapt to an evolving regulatory environment.
Held on December 05, 2025, the session clarified the compliance requirements organisations must meet within the 18‑month transition period. Sandeep Khosla, Director General of the Bombay Chamber, delivered the welcome address and acknowledged the efforts of Attreyi Mukherjee, Co‑Chair of the Legal & IPR Committee and Vice‑President & Head of Legal, Mahindra & Mahindra (EV Business), for her role in actively shaping and planning the discussions.
Speakers Supratim Chakraborty, Partner at Khaitan & Co, and Sumantra Bose, Counsel at Khaitan & Co, outlined the scope of the Act and explained how it reshapes organisational accountability. They emphasised that the law introduces binding standards for consent, data minimisation, breach response, retention controls and governance. The discussion highlighted that these obligations are not routine adjustments but fundamental changes to how enterprises handle personal data.
Participants were reminded that the compliance window is short and that delaying action could expose organisations to operational disruption, legal consequences and reputational damage. The speakers examined practical steps for implementation, including revising contracts, updating internal processes and strengthening technical safeguards. They also addressed the role of consent managers, the handling of children’s data, and the responsibilities of significant data fiduciaries.
The session explored the challenges of breach reporting, particularly the requirement to notify multiple regulators and affected individuals. Attention was also given to data retention and deletion, with guidance on navigating the new framework. The speakers noted that organisations must prepare for audit‑ready governance and be able to demonstrate compliance at short notice.
Cross‑border data transfers were another area of focus, with discussion on how the rules alter existing practices and what safeguards are now expected. The webinar also touched on mergers and acquisitions, stressing that data protection considerations will become central to due diligence and transaction planning.
The panel discussion and Q&A session, moderated by Attreyi Mukherjee, Co‑Chair of the Legal & IPR Committee, Bombay Chamber and Vice‑President & Head of Legal, Mahindra & Mahindra (EV Business), highlighted the need for companies to treat compliance as an immediate priority, not something to be delayed. The speakers stressed that the Act requires organisations to act now, both to meet legal requirements and to maintain the trust of customers and stakeholders.
The webinar helped cut through the complexity of the legislation and gave attendees clear, practical insights. By explaining the law’s requirements and the risks of non‑compliance, it underscored the need for proactive preparation during the transition period.
(Write to us at editorial@bombaychamber.com)
