
Firms need time to comply with data protection law: Vinayak Godse

'Companies will need to overhaul processes and adjust operations'

Vinayak Godse, chief executive officer of Data Security Council of India
Ashutosh Mishra
Last Updated: Sep 15 2024 | 11:00 PM IST
Companies will need time to comply with the Digital Personal Data Protection Act (DPDP), whose rules are to be released, according to VINAYAK GODSE, chief executive officer of Data Security Council of India (DSCI). It’s a non-profit organisation set up by NASSCOM that works in cybersecurity and privacy. “Companies will need to overhaul processes and adjust operations”, he said in an interview with Ashutosh Mishra in New Delhi. Edited excerpts:


The DPDP rules are expected this month but a recent report shows that 60 per cent of Indian companies aren't meeting basic compliance. How is compliance with DPDP expected?
 
Compliance with the DPDP Act will indeed take time, much like we saw with the General Data Protection Regulation (GDPR) in Europe. Even after the DPDP rules are finalised and the law is enforced, companies will need to overhaul processes and adjust operations. Digital-first companies are better prepared but for others, especially those with legacy systems, it will require starting from scratch on data management. Similar to GDPR, Indian businesses will need to significantly rework their frameworks, processes and technologies to meet the Act's requirements, and that will take time.
 
What are the imminent cybersecurity threats?
 
The scale of digitisation in India, particularly in sectors like digital payments, critical sectors like oil and gas, and manufacturing, has introduced complex security challenges. We are seeing increased exposure of critical infrastructure to cyber threats which is a concern. Emerging technologies like AI, drones, and semiconductors, while offering opportunities, bring new vulnerabilities. The rise of ransomware and the rapid evolution of threats demand real-time response and resilience in security operations, which is the way forward.
 
Financial scams and phishing cause significant financial losses. As the head of DSCI, what solutions do you propose to address this?
 
What we advocate is a systems-thinking approach. We need to reduce the cognitive burden on end-users by minimising their involvement in security decisions, like passwords or OTPs (one-time passwords). By improving fraud management systems and utilising advanced authentication technologies, we can prevent fraudulent transactions in real-time. While awareness and education are crucial, scalable solutions that rely less on user input and more on systemic security are essential to stop this. 
The RBI (Reserve Bank of India) is also working on alternatives to the OTP mechanism, and globally, too, there is dialogue on reducing dependence on OTPs.
 
A recent Gartner report said deepfakes are a problem for enterprises and can cause financial losses. What is your assessment of the risk?
 
The identity verification, management and authentication processes that we devise are definitely facing challenges due to deepfakes, especially in biometric and video or face authentication. However, technology is also maturing. It's becoming harder for deepfakes to bypass face recognition systems. While deepfakes pose a significant challenge, I would say that many AI-based solutions are emerging to manage and counter these threats effectively.
 
You had asked for support for India’s cybersecurity sector? Is it something that you see being done as a policy measure?
 
We are advocating for special policy provisions to boost cybersecurity investments, especially in health care and education. We have highlighted the need for policy support for the cybersecurity sector ahead of the (Union) Budget, and while steps have been taken in the right direction, more focused initiatives are needed to spur investments into the sector. These investments will not only strengthen defences but also foster innovation and competition in the domestic cybersecurity market.
