AMCHAM’s Western Region organized a roundtable session on ‘Navigating India’s DPDP Act: Regulatory Insights and Implementation Strategies’ on February 20^th in collaboration with Ernst & Young (EY) as knowledge partner. The session was conducted in a hybrid format at the EY office in Mumbai, bringing together senior leaders and practitioners from legal, compliance, risk, data privacy, IT, cyber security, governance, and policy functions. The session commenced with Mr. Hitesh Sharma, Western Region Executive Committee Member, AMCHAM and Senior Partner, EY, welcoming all participants and highlighting the growing importance of robust data protection frameworks in India and the need for organizations—particularly multinational companies—to proactively prepare for the evolving regulatory landscape under the Digital Personal Data Protection (DPDP) Act. The technical presentation was delivered by Ms. Mini Gupta, Partner & National Leader for Data Privacy and Data Protection, EY India, who provided a comprehensive overview of the DPDP Act introduced by the Government of India. Her presentation highlighted that the DPDP Act establishes a comprehensive framework governing the processing of digital personal data in India; introduces clear roles of data fiduciaries and data processors with defined accountability obligations; positions consent as the primary lawful basis for processing with emphasis on it being free, informed, specific, and unambiguous; strengthens data principal rights including the right to access information, correction and erasure of data, grievance redressal, and nomination; mandates organizations to implement reasonable security safeguards and notify the Data Protection Board and affected individuals in case of personal data breaches; permits cross-border data transfers to notified countries; imposes additional compliance requirements on significant data fiduciaries such as data protection impact assessments, audits, and appointment of a Data Protection Officer; prescribes a penalty-based enforcement regime with substantial financial consequences for non-compliance; and emphasizes privacy-by-design, data minimization, and purpose limitation as core compliance principles.

The presentation was followed by a fireside chat between Mr. Taufique Arsiwalla, Tax Partner, EY India, and Mr. Ishan Banerjee, Senior Managing Counsel, Visa, which provided practical, industry-grounded perspectives on implementing DPDP requirements within multinational organizations. The discussion covered key questions including: the biggest mindset shift required for U.S.-headquartered companies moving from U.S. privacy laws to India’s DPDP Act; how companies are preparing to be genuinely “72-hour ready” for breach notifications; how U.S. companies should decide what to standardize globally versus localize for India when global standards clash with DPDP requirements; how legal teams should partner with product and engineering to make privacy-by-design real and measurable; whether DPDP could become a trust and market entry advantage for U.S. companies in India; what a “good” privacy program should look like in 2026 for multinational companies operating in India; misconceptions around DPDP compliance that need early correction; common DPDP mistakes U.S. companies should avoid; whether the revised expected implementation timeline of 12 months (from the earlier 18 months) is sufficient and how U.S. organizations may cope with it; and whether organizations should voluntarily adopt mechanisms such as SCC-like practices for cross-border transfers given DPDP’s prescriptive nature. The fireside chat was followed by an engaging Q&A session where participants raised practical queries around implementation timelines, operational readiness, and cross-border data considerations. The session concluded with a vote of thanks by Ms. Rakhi Sikka, Regional Director – Western Region, AMCHAM, who expressed appreciation to EY, the distinguished speakers, and all participants for their active engagement and reiterated AMCHAM’s commitment to continuing industry dialogues that support members in navigating India’s evolving regulatory landscape.