Overview
India's Digital Personal Data Protection Act 2023 marks a watershed moment in the country's regulatory landscape, introducing enforceable obligations on data fiduciaries — including consent requirements, purpose limitation, data minimisation, security safeguards, breach notification, and data principal rights — with penalties of up to ₹250 crore per violation. For most organisations, DPDP compliance requires a fundamental review of how personal data is collected, processed, stored, transferred and deleted across the enterprise. Simultaneously, sectoral regulators including RBI, SEBI, IRDAI and the Ministry of Health continue to maintain parallel privacy and data governance frameworks, creating a layered compliance environment that demands coordinated legal strategy.
Jaitley & Bakhshi's Data Privacy & DPDP advisory team provides end-to-end compliance counsel — from initial gap assessments and governance framework design through operational implementation, vendor management, and ongoing regulatory monitoring. We advise corporates, financial institutions, healthcare organisations, technology platforms, e-commerce businesses, and public sector entities at every stage of the DPDP compliance journey, with a particular focus on practical, implementation-ready solutions that integrate legal requirements with business operations.
Our Services
Comprehensive advisory across the full data privacy lifecycle.
Regulatory Landscape
Key laws and frameworks shaping India's data privacy obligations.
DPDP Act 2023
India's principal data protection law — consent obligations, data fiduciary duties, breach notification to the Data Protection Board, data principal rights, and penalties up to ₹250 crore per instance of non-compliance.
GDPR Alignment
Increasingly relevant for organisations with EU operations, EU customers, or cross-border data transfers — GDPR obligations often run parallel to or exceed DPDP requirements, requiring coordinated compliance strategies.
RBI / SEBI Data Norms
Reserve Bank of India and SEBI data localisation, storage, and privacy requirements applicable to banks, NBFCs, payment aggregators, brokers, and other regulated financial entities.
DISHA & NHA Framework
Digital Information Security in Healthcare Act and National Health Authority guidelines governing the collection, storage, processing and sharing of sensitive health and medical data in India.
How We Work
A structured advisory process from assessment to ongoing compliance.
Assessment & Gap Analysis
We conduct a comprehensive review of your current data processing activities, governance structures, vendor arrangements, and existing policies against DPDP Act obligations and applicable sectoral requirements — producing a detailed gap analysis with prioritised remediation recommendations.
Framework Design & Implementation
We design and implement your privacy governance framework — consent management architecture, data processing policies, vendor contracts, privacy notices, data retention schedules, and internal training — providing implementation-ready documents and procedures your team can deploy immediately.
Ongoing Monitoring & Regulatory Support
We provide continuing advisory as the DPDP regulatory framework evolves — including Data Protection Board rules, sectoral guidance, and international developments — with periodic compliance reviews and representation support during regulatory interactions.
