Express Computer

Protiviti report unveiled at the IBA CISO summit urges banks to embrace AI, PETs, and privacy-by-design to future-proof compliance with the DPDPA and enhance data protection.


Banks in India must urgently initiate a strategic privacy transformation to comply with the Digital Personal Data Protection Act (DPDPA) 2023 and the draft DPDP Rules, 2025, warns a new Protiviti report released today. The regulatory and operational impact of the DPDPA will be far-reaching, the report notes, adding that banks must re-engineer their critical functions according to privacy-by-design principles to comply with India’s most comprehensive data protection law to date.

Titled “Navigating DPDPA in Banking: Compliance, Impact, and AI-Powered Strategies for Futureproofing”, the Protiviti report was unveiled today at the 4th IBA CISO Summit 2025 hosted by the Indian Banks’ Association. The report notes that banks are likely to be classified as Significant Data Fiduciaries (SDFs) under the DPDPA due to the scale and sensitivity of the data they handle. This designation will subject them to enhanced obligations, including data protection impact assessments (DPIAs), algorithmic transparency, data audits, and the mandatory appointment of a Data Protection Officer (DPO).

Rather than treat compliance as a one-time project, the report urges banks to adopt a risk-based, adaptive operating model that keeps pace with evolving threats, technology shifts, and regulatory expectations. Further, the report encourages the integration of AI wherever applicable to maximise efficiency and optimise processes.

Building on Protiviti’s State of Data Privacy in India – Survey Report, where the banking sector was the most represented, the findings revealed that 52% of organisations had experienced a privacy breach in the past five years, yet only 42% had a fully defined privacy program. Alarmingly, just 24% felt prepared to manage privacy concerns related to emerging technologies. While 68% of banking and financial services organisations had defined privacy processes, reliance on IT teams remained high, often in the absence of a dedicated privacy office.

The latest report, released at the 4th IBA CISO Summit 2025, reinforces the urgent need for stronger governance, cross-functional accountability, and an AI-powered, technology-driven privacy journey within the banking ecosystem. The paper emphasises that customer trust, regulatory alignment, and digital innovation must go hand-in-hand.

“The DPDPA marks a new era of accountability for banks. Embedding strong governance, leveraging privacy-enhancing technologies, and aligning with regulatory expectations will be key to sustainable compliance,” – Sandeep Gupta, Managing Director, Protiviti Member Firm for India.

“In banking, trust is the currency—and compliance with the DPDPA is no longer just a regulatory mandate, it’s a strategic necessity. By harnessing AI and Privacy Enhancing Technologies to embed privacy by design into the digital infrastructure, we will not only be protecting personal data but strengthening the very trust that powers every customer relationship” – Vaibhav Koul, Managing Director, Protiviti Member Firm for India.

 

Key Highlights from the Report

  • Sector-Specific Insights: Tailored guidance for banks on how DPDPA intersects with RBI and SEBI regulations, ensuring a harmonised compliance approach.
  • Unique Privacy Risks: A deep dive into banking-specific risks related to algorithmic profiling, third-party data sharing, and consent management.
  • Operational Playbook: Practical strategies for integrating privacy by design, managing consent, and automating compliance across core banking functions—from KYC to fraud detection.
  • Technology and AI as an Enabler: Exploration of privacy-enhancing technologies (PETs), AI-powered use cases, and scalable automation to futureproof privacy programs.
  • Future-Ready Roadmap: A blueprint for establishing Data Protection Offices, conducting DPIAs, and embedding privacy into enterprise risk management.

Drawing from sector-specific case studies, regulatory analysis, and forward-looking strategies, the report offers a structured playbook for banks preparing to comply with India’s most comprehensive data protection law to date.

It maps out critical banking functions, including digital onboarding, AML, and risk analytics, and explains how each must be re-engineered in line with privacy-by-design principles. Common threads include the need for explicit, granular consent from data principals, transparent privacy notices at every touchpoint, limits on data processing for secondary or commercial purposes, and cross-border safeguards for data transfers.

It further outlines three key operational imperatives, starting with the adoption of privacy-enhancing technologies (PETs) and AI for data discovery, classification, encryption, consent management, and automation of data subject access management. The second imperative for banks is the establishment of a centralised Data Privacy Office (DPO) to coordinate privacy governance across business, IT, legal, and risk. Finally, banks must invest in role-based privacy training, internal audits, and real-time compliance metrics to ensure enterprise-wide alignment.

The report also notes that the DPDPA will intersect or overlap with sectoral regulations issued by the Reserve Bank of India (RBI) and Securities and Exchange Board of India (SEBI), creating multiple layers of accountability. For example, data retention obligations under RBI must now be reconciled with DPDPA’s “data minimisation” and “storage limitation” principles. Similarly, breach reporting requirements will need to cater to both financial regulators and the newly formed Data Protection Board of India.
