Data Privacy Day: Industry Experts on Why Privacy by Design and Responsible Data Use Matter More Than Ever

Data Privacy Day highlights the growing importance of protecting personal information in an era where digital interactions shape everyday life. As everyone increasingly relies on data-driven technologies, questions about how personal data is collected, used, and safeguarded have moved to the centre of public discourse. With cyber risks evolving and digital adoption accelerating, privacy is no longer just a technical concern; it is a foundation of trust in the digital ecosystem. Against this backdrop, industry experts emphasise that effective data protection today requires a combination of ethical responsibility, privacy-by-design frameworks, and informed digital behaviour, ensuring that users remain in control of their personal information.

As we approach Data Privacy Day in 2026, conversations around data protection are moving well beyond compliance checklists to focus on trust, governance, and long-term digital resilience. With AI and automation becoming more autonomous and deeply embedded across sectors, privacy-by-design and transparent data governance are now critical to scaling innovation responsibly. The implementation of the Digital Personal Data Protection (DPDP) Rules has further sharpened the spotlight on accountability, consent, and secure data stewardship as foundational pillars of India’s evolving digital economy. From building trusted AI systems and embedding security at the architectural level to treating regulation as a catalyst for efficiency and growth, experts from technology, automation, and digital infrastructure firms are outlining what data privacy must mean for India in 2026 and beyond.

Asit Kumar, Chief Information Security Officer and Data Protection Officer, Digi Yatra Foundation, “On Data Privacy Day, attention turns to a defining reality of the digital age: personal data is power, and protecting it is essential. As data breaches and cyberattacks continue to rise, consumers are becoming more conscious of what information they share, with whom, and for what purpose. Taking control of personal data is no longer optional; it is a necessary safeguard against risks such as identity theft, fraud, and misuse.

For organisations, data protection extends beyond regulatory compliance; it is a moral and ethical responsibility. Transparent data practices, explicit user consent, and purpose-driven data usage are fundamental to building trust in an increasingly digital ecosystem.

Privacy should not be an afterthought; it must be embedded by design. Built on a Self-Sovereign Identity (SSI) framework and aligned with Privacy by Design principles, Digi Yatra ensures that users’ personal data remains protected, with personal information deleted by the Airport Verifier within 24 hours of the flight’s Scheduled Time of Departure. Through a decentralised identity framework, Personally Identifiable Information (PII) remains securely stored on the user’s own device, ensuring complete user control.

Users retain the freedom to opt out at any time, with the assurance that no data is retained by the platform. Following strict data-minimisation principles, processing only what is essential for the intended use case is important, for instance, while verifying Aadhaar, we do not access information such as the user’s address when it is not required.

This Data Privacy Day, it is important to reaffirm our collective commitment to privacy, transparency, and user empowerment, while encouraging citizens to stay informed about their data rights and actively contribute to building a safer, more trusted digital ecosystem.

Yuvraj Shidhaye, Founder and Director, TreadBinary, “On Data Privacy Day, the conversation must shift from simply preventing breaches to understanding how easily data can be misused in everyday digital behaviour. In today’s always-connected economy, data is not just an asset; it is a responsibility that extends across people, platforms, and processes.

Privacy risks are no longer limited to hacked systems or suspicious emails. They can emerge quietly, when a mobile app is given access to contacts, microphones, or location data it doesn’t truly need, or when employees use AI tools to summarise documents without realising they may be exposing confidential or proprietary information. Even well-intentioned innovation, such as using generative AI in R&D, can raise serious concerns around intellectual property and patent integrity if governance is unclear.

While advanced technologies like AI-driven threat detection help identify risks faster, real resilience comes from embedding privacy into everyday decisions. Clear data governance, disciplined access controls, and informed user behaviour are just as critical as cybersecurity tools. When organisations and individuals treat privacy as a shared responsibility, trust in the digital ecosystem becomes stronger, more resilient, and future-ready.”

This Data Privacy Day, the message is unambiguous, lasting trust in the digital economy will depend on embedding privacy into technology, organisational culture, and individual actions alike.

Bernard Montel, Field CTO, Tenable, says, “This Data Privacy Day, protecting personal data is about more than compliance; it’s about defending freedom and privacy. As scams and extortion exploit exposed information, data leaks are causing real-world harm.

“With cybercriminals weaponising AI, attacks are becoming faster, smarter and harder to detect. At the same time, companies are adopting agentic AI, introducing a new risk:

digital identities acting independently within sensitive systems. Effective governance now demands visibility into machine behaviour, not just human access.

“To combat these emerging challenges, businesses must invest in identity governance. Compliance should also be the baseline, with prevention and resilience built in from day

one.”

Vaibhav Patkar, Risk & Security Solutions Advisor at Orient Technologies Limited, "On Data Privacy Day, the conversation goes beyond compliance to how organizations build long-term trust and resilience in a digital-first economy. As enterprises scale cloud adoption and deploy AI across operations, managing cyber threats effectively becomes critical to protecting business continuity and stakeholder confidence. A comprehensive security approach, spanning cloud, endpoint, and network environments, combined with real-time monitoring and AI-driven incident response, enables organizations to stay ahead of evolving risks. Aligning security practices with global standards not only strengthens privacy and governance, but also empowers businesses to innovate securely and sustainably.” -

Tejesh Kodali, Group Chairman, Blue Cloud Softech Solutions Limited, “Data Privacy Day reflects the vision that inspired me to build solutions focused on trust, resilience, and responsible innovation. As AI and digital systems become integral to business, data protection must be embedded into strategy, not treated as an afterthought. By adopting proactive, intelligence-driven security and strong governance, organizations can safeguard sensitive information, meet regulatory expectations, and scale innovation with confidence.”

Manoj Paul, MD, Equinix India:

“As India enters a more mature phase of its digital economy, responsible data governance is being sharpened through the implementation of the Digital Personal Data Protection Rules (DPDP). The Rules place accountability, transparency and user consent at the center of data driven growth, at a time when digital services are becoming deeply embedded across financial services, healthcare, manufacturing and public infrastructure.

In this evolving landscape, Equinix plays a central role by providing secure, neutral and globally interconnected digital infrastructure that helps organizations manage data responsibly while maintaining compliance and performance. By enabling scalable architectures and trusted interconnection ecosystems, Equinix supports enterprises as they navigate the operational and governance requirements of the DPDP framework.

On Data Privacy Day, Equinix reaffirms its commitment to supporting our customers in upholding the highest standards of data protection and digital trust. We remain dedicated to empowering businesses with secure, resilient and compliant infrastructure with accessibility to digital ecosystems in India and worldwide. By working alongside customers, partners and policymakers, Equinix continues to support a future where innovation thrives on a foundation of trust, security and responsible data stewardship.”

Maurizio Garavello, SVP for Asia Pacific & Japan, Qlik, “As AI becomes more autonomous, data privacy stops being a compliance checkbox and becomes a design principle. You can’t build trusted AI on opaque data or unclear ownership. Organisations need to know where data lives, who can act on it, and how decisions are governed – especially as agents begin to operate on their behalf. Privacy, governance, and transparency are what turn AI from a risk into a reliable partner. Without that trust layer, scale simply won’t happen”

Peter White, Chief Product Officer, Automation Anywhere, “As agentic systems operate with increasing autonomy and process unprecedented volumes of sensitive data, privacy is no longer optional. It is core infrastructure for responsible AI and automation. Embedding security and privacy by design at the architectural level is a critical element that will define systems which can scale from pilots to real-world operational usage. When privacy and security are built in, organisations can move fast without breaking trust and introducing unnecessary risks.”

Achyuth Krishna, Head of Enterprise IT, Security, and Procurement, Whatfix:

“Generative AI has turned data into a double-edged sword. While it drives unprecedented automation, the cost of a single misstep has risen to nearly $4.5 million per IBM's 2025 Cost of a Data Breach Report. To thrive in 2026, leadership must shift from "defensive" privacy to "offensive" trust.

The Strategy for 2026:

1. Democratize Control: Replace opaque data collection with user-centric dashboards. When users have clear sightlines into how AI uses their data, adoption friction disappears.

2. Anticipate the Threat: Move toward AI-driven security that identifies behavioural anomalies in real-time. Resilience must be embedded in the code, not just the firewall.

3. Embrace Regulatory Rigour: Treat the DPDP Act and GDPR not as constraints, but as blueprints for data minimisation. Collecting only what is necessary reduces the "attack surface" and streamlines operations.

PwC's 2025 Responsible AI Survey confirms the shift: 60% of executives report that responsible AI practices directly drive ROI and efficiency. By building with privacy at the core, organisations don't just protect their data; they protect their future. At Whatfix, this philosophy guides how we operate and build. Data privacy and security are embedded across our product suite through privacy-by-design, AI-driven threat detection, automated safeguards, and strong internal practices, including continuous employee training. By placing trust at the centre, we help create digital systems that are secure, resilient, and built for the future.”

Vaibhav Tare, Chief Information Security Officer, Fulcrum Digital, “Data privacy has become a foundational pillar of digital trust, especially as enterprises accelerate AI adoption. In India’s evolving data protection landscape, organisations must move beyond checkbox compliance and build privacy into the design of their systems, processes, and AI models. Managing privacy risks in an era of automation requires strong governance, accountable leadership, and a clear balance between innovation and responsible data use. Enterprises that prioritise transparency and secure data practices will be best positioned to earn consumer confidence and sustain long-term growth in an AI-first economy.”

Sunil Sharma, Managing Director & VP – Sales (India & SAARC), Sophos, “Data Privacy Day 2026 is a timely reminder that data protection has become a fundamental business priority, not just a regulatory obligation. As organisations increasingly adopt AI, cloud, and digital-first operating models, the volume and sensitivity of data being created and processed continue to grow, making it an attractive target for cybercriminals. In this context, systems must incorporate privacy and cybersecurity by design, bolstered by robust governance, ongoing monitoring, and swift incident response. Equally important is building a culture of accountability and awareness across the organisation, because technology alone cannot address data risk. Organisations that prioritise data privacy and security will be better positioned to earn trust, meet compliance requirements, and drive sustainable digital growth.”

Amit Relan, CEO & Co-founder, mFilterIt, mentions, “Data Privacy Day is a reminder that privacy is no longer just about compliance—it’s about credibility. As organisations collect and process more data, the real question isn’t how much data we have, but how trustworthy it is. Privacy frameworks can only succeed when the data entering systems is genuine, consented to, and free from manipulation. In a digital economy increasingly shaped by automation and scale, protecting user data must go hand in hand with protecting data integrity. One without the other creates blind spots—and trust doesn’t survive blind spots."

Vijender Yadav, CEO & Co-founder of Accops, says, "Data privacy in 2026 has reached a breaking point: we can no longer rely on 'knowing' the user to protect the business. As generative AI makes it possible to flawlessly spoof identities and biometrics, the act of logging in has become the weakest link in the security chain. To survive this era of deception, enterprises must shift their focus from protecting the login to isolating the data.

True privacy now depends on a 'Privacy by Isolation' model. This requires moving beyond broad network access toward a Zero Trust Network Access (ZTNA) architecture where sensitive resources are hidden—or 'dark'—to the network by default. By integrating Continuous Adaptive Risk and Trust Assessment (CARTA) with hardened, virtualised workspaces, organisations can ensure that sensitive data never actually resides on the user’s physical device. Even if a credential is hijacked or a deepfake bypasses initial entry, the data remains isolated in a secure, controlled environment. The mandate for technology leaders is to decouple security from the underlying infrastructure, ensuring that privacy is an architectural default rather than a manual effort."

Rizwan Patel, Global Head of Cloud, InfoSec, and Emerging Technologies at Altimetrik, “Enterprise data privacy has become a board-level priority as digital platforms, cloud adoption, and AI-driven operating models reshape how value is created. Data sits at the core of revenue growth, ecosystem partnerships, and business resilience, making privacy by design a strategic requirement rather than a technical afterthought. Trust now functions as a business currency, determined by how responsibly organisations govern data across its lifecycle.

India’s data-centric digital economy further elevates the stakes. Platforms built on India Stack and rapid enterprise AI adoption expand the attack surface and intensify exposure to misuse, leakage, and systemic risk. The Digital Personal Data Protection Act reinforces fiduciary accountability, consent discipline, and breach readiness, setting a higher bar for enterprises operating at scale.

Compliance alone does not deliver confidence or differentiation. Market leaders are embedding privacy engineering into product development (PDLC) and software delivery (SDLC) lifecycles, supported by identity controls spanning human, machine, and emerging agentic identities. At Altimetrik, we integrate automation-driven governance, threat detection, identity and access management, observability, and responsible AI practices into core architectures. This enables organisations to protect data rights, sustain innovation velocity, and strengthen trust in an environment where technology amplifies both opportunity and risk.”

Dipesh Kaura, Country Director- India & SAARC, Securonix, "Data Privacy Day is a clear reminder that privacy is only as strong as your ability to see and control who touches your data. Protecting sensitive information means continuously monitoring access, understanding behaviour, and stopping misuse before it becomes a breach. At Securonix, our Unified Defense SIEM with agentic AI unifies advanced behavioural analytics, curated threat intelligence, and autonomous response to reduce risk, accelerate investigations, and keep critical data secure. By enabling proactive detection and rapid response at scale, we help organisations safeguard sensitive information, maintain compliance, and preserve trust in an increasingly complex digital world. On Data Privacy Day, the real question every organisation must answer is simple: do you truly know who has your data and can you prove it?"

Chetan Jain, Cofounder & Managing Director, Inspira Enterprise, "With a steep spike in data breaches and privacy violations, businesses have to protect the sensitive data of their customers and proprietary information for operations to avoid massive financial losses, customer churn, and reputational damage. At Inspira, we build a robust and tailored data privacy strategy, enabling organizations to proactively address privacy risks, satisfy regulatory requirements, and demonstrate commitment to privacy to all stakeholders. Furthermore, we provide customized recommendations to balance data privacy with business needs. The global celebration of Data Privacy Day on January 28 every year is a reminder for businesses to dedicate themselves to implementing robust data privacy policies to safeguard customer trust and ensure compliance while making provisions for future changes."

Rahul S. Kurkure, Founder & Director, Cloud.in, "As Indian enterprises accelerate their shift to cloud-first and AI-driven environments, they benefit from greater agility, scalability, and cost efficiency. However, this transition also increases data privacy risks due to the shared nature of cloud infrastructure. Data Privacy Day is a timely reminder that organisations must clearly understand and own their responsibilities within the shared responsibility model—especially as sensitive data moves across platforms, partners, and borders. Privacy cannot be treated as a compliance exercise alone; it must be embedded by design into cloud architectures without weakening security or operational performance. At Cloud.in, we focus on building privacy-driven cloud architectures that help Indian organisations establish digital trust, meet evolving regulatory expectations, and support long-term, sustainable growth."

DR. Sarath Kumar, Chief Technology Officer, ACT Fibernet, "With the growing dependence on digital devices across Indian households and enterprises, digital infrastructure today is fundamentally built on data privacy, which forms the foundation of trust across the digital ecosystem. With increasing cyberattacks in India have led to a greater focus and urgency on establishing strong data protection measures to protect individuals and businesses from both evolving threats to their privacy and disruption of their operations.

The future of data privacy will be defined by resilience. Today, consumers and businesses expect connectivity that protects their data as they connect. Embedding privacy-led resilience into digital infrastructure enables long-term trust, regulatory confidence, and sustainable growth in a rapidly evolving landscape of cyber threats and regulatory demands faced by both consumers and businesses."

Natarajan Ramani, General Manager and Head - Data Analytics & Solutions, TransUnion India Data Analytics & Solutions (TU INDAS), “As the Digital Personal Data Protection Act (DPDPA) moves from intent to implementation, enterprises have an opportunity to thoughtfully embed trust into everyday data practices. Responsible data governance is closely linked to how organisations can authenticate and communicate across digital and voice interactions. Approaches that help limit impersonation and support identity verification can contribute to stronger privacy outcomes, benefitting businesses and their customers. Data Privacy Day serves as a powerful reminder that acting early can help organisations give consumers greater confidence and control throughout their digital experiences, building trust in digital commerce.”