ET CISO (2025)

12/12/2025

AI and cloud are rewriting India’s digital stack – but they’re also widening the blast radius when data goes wrong.

At the “AI, Cloud & Data Protection: The Next Battleground of Trust” panel, leaders from India’s digital payments and banking ecosystem unpacked this tension:

Praveen Parihar, CISO, Razorpay
Sarang Nagmote, DPO, Paytm Payments Bank
Dr Arijit Ghosh, Chief Data & Analytics Officer, Bandhan Bank
Ankit Gupta, CTO, PolicyBazaar for Business
Samrat Jaligama, Lead Sales Engineer, Skyhigh Security
Moderator: Muqbil Ahmar, Executive Editor, ETCISO

Praveen connected it to India’s digital journey: UPI, Aadhaar, DigiLocker, DigiYatra. Each time the state created a trusted digital rail, innovation exploded on top of it. DPDP, he argued, is the next such rail – a regulatory stack that will force better consent, better controls, and more responsible cloud and AI adoption.

Ankit framed the core paradox: enterprises want velocity of innovation, but not at the cost of runaway risk. AI assistants, code copilots, cloud-native platforms – all of them can supercharge build speed, if they are wrapped with guardrails like secure coding reviews, policy-driven access, and strong data controls.

Sarang and Samrat zoomed into the threat side. AI and cloud aren’t just tools for defenders – they’re also amplifiers for attackers.
Multi-stage attacks, LLMs scraping sensitive data, exposed APIs and cross-border data flows are turning every endpoint, log, and dataset into potential attack surface.

Dr Arijit brought it back to fundamentals:
enterprises must know what data they collect, why they collect it, where it resides, and how long they keep it.
Without that, DPDP is impossible to implement, and AI models become opaque risk engines sitting on top of unknown data.

The shared conclusion was clear:

AI + Cloud are now the primary battleground of digital trust.

DPDP is not a “tick-the-box” exercise; it is an architecture and culture reset.

The organisations that map their data, modernise their controls, and embed privacy and security by design will be the ones that win both innovation and trust.

Know more about ETCISO: https://ciso.economictimes.indiatimes.com/

12/12/2025

“Most organisations want DPDP compliance. Very few know where to begin.”
That’s the gap Kumar Priyank, Chief Privacy Officer & CEO, DPDP Consultants, laid bare in the session DPDPA 360° Compliance – From Policy to Practice, joined by Maheswaran Shanmugasundaram, Country Manager – South Asia, Varonis Systems.

Kumar began with the uncomfortable questions leaders tend to avoid — the ones that define whether compliance is real or performative:

Why do you collect the data you collect?
Who touches it, internally and externally?
How many vendors still have access long after contracts expired?
Can your customer exercise their rights, or is consent buried in legal jargon?
Do your employees understand DPDP — or only your board does?

He reminded the room of a simple truth:
DPDP is not about templates. It’s about transparency.
If organisations cannot map data flows, retention, ingress/egress, and processing roles, no product or policy can make them compliant.

Maheswaran then brought the operational lens — the how behind DPDP:

You cannot protect what you cannot discover.

You cannot govern what you cannot see.

You cannot comply with what you cannot monitor.

Through real examples, he showed how modern platforms can detect overexposed PII, flag sensitive data in unstructured files, identify abnormal usage patterns, and even auto-remediate excessive access — turning DPDP from guesswork into measurable posture.

Their combined message hit home:
DPDP isn’t a legal challenge. It’s a data challenge.
Compliance is achievable only when policy meets practice, and visibility meets governance.

Know more about ETCISO: https://ciso.economictimes.indiatimes.com/

12/12/2025

“When privacy becomes law… trust becomes governance.”
That was the heartbeat of our panel CISOs, DPOs & Boards: Making Trust a Boardroom KPI, moderated by Muqbil Ahmar, Executive Editor, ETCISO.

What unfolded on stage was a rare, honest conversation about what it really takes to operationalise DPDP inside large, regulated enterprises — and why trust can no longer sit in security alone.

Bhavna Longani (DPO, Axis Max Life Insurance) opened with the reality many organisations face: fragmented systems, legacy CRMs, non-compliant tech, and third-party dependencies — all now needing explicit consent, new journeys, and new governance. The real challenge? “Privacy isn’t just compliance. It’s rewiring how organisations work.”

Shailendra Kothavale (Chief Compliance & Risk Officer, Aditya Birla Sun Life Insurance) reframed data as soil — the most valuable resource in an organisation. He stressed that readiness starts with discovering, classifying and mapping data end-to-end, followed by a complete rethink of consent UX, cookie practices and cross-border storage.

Dr. Pawan Chawla (CISO & DPO, Tata AIA Life Insurance) spoke from a dual lens: security and privacy aren’t competing roles — they must be “strong pillars of the same bridge.”
Privacy risk, he said, must evolve into enterprise risk, with shared dashboards, shared KPIs and shared accountability.

Kiran Belsekar (EVP — CISO & IT & Data Governance, Bandhan Life) added that trust is now a long-term contract in financial services. Privacy by design, unified metrics, and governance committees aren’t optional — they’re the only way to balance compliance, cost, and business friction.

Across the board, one truth emerged:
DPDP will test not just systems — but culture. Organisations that treat privacy as enterprise risk will lead the trust economy.

Know more about ETCISO: https://ciso.economictimes.indiatimes.com/

12/12/2025

“Every digital journey starts with a simple question: Do you know where your data actually lives?”
That was the provocation Sonu Trilochan Singh, Principal Solution Consultant at OpenText, brought to the stage during his session Navigating India’s Digital Economy Highway with the Role of the DPDP Act.

What made his talk memorable wasn’t just the technology — it was the metaphor.
To him, DPDP is not a regulation to comply with, but a highway we must learn to navigate, with legacy systems, scattered data, and rising AI complexity acting as unexpected roadblocks along the way.

Here’s what stood out:

Data discovery is the starting point of the journey.
You cannot apply controls, encryption, or minimisation unless you know exactly where your sensitive data resides — especially when 70% of it may be hiding in legacy systems.

Legacy applications are the unspoken bottleneck.
Updating them without “breaking the engine” is now a strategic priority. DPDP compliance demands modernisation that doesn’t disrupt business continuity.

Compliance isn’t a one-time milestone — it’s continuous navigation.
Just like staying alert on a highway, organisations must monitor data flows, deletions, access patterns and exceptions in real time.

Unified visibility is the new competitive advantage.
Sonu introduced a single-console approach — a unified dashboard that helps enterprises discover, classify, tag, protect and monitor data across silos, clouds, microservices and cross-border environments.

He closed with a simple truth:
DPDP isn’t just a legal route. It’s the map that will determine how safely, responsibly and confidently India accelerates into its digital future.

Know more about ETCISO: https://ciso.economictimes.indiatimes.com/

12/12/2025

“Your personal data probably lives in a hundred places… even though you only gave it once.”
That simple truth — shared by Deepak Annamalai, Head of Sales, APAC at Skyflow — hits differently when you think about how digital life has quietly reshaped us as consumers.

Deepak walked onto the ETCISO stage with two hats:
one of a regular user, and one of an executive inside the engine room of digital businesses.
And through both lenses, he revealed a reality many organizations still underestimate.

Here are the ideas that stood out:

Digital convenience creates digital footprints — everywhere.
Whether it’s grocery orders, insurance history, bank balance clues, or our favorite travel routes, companies know more about us than we realize — and this data sprawls across apps, tools, pipelines, CRMs, AI models, and storage systems.

Collecting data is easy. Protecting it is the real operational nightmare.
Especially under DPDP: consent must be enforced across systems, deletion must be provable, and “reasonable security” now means protecting data at its core, not just guarding the perimeter.

Tokenization isn’t a feature — it’s a philosophy.
Deepak’s analogy was simple: we don’t keep diamonds in the kitchen.
A data privacy vault centralizes sensitive data, replaces it with harmless tokens everywhere else, and ensures that even if attackers get in, they get nothing of value.

Trust, once broken, takes years to rebuild.
Technology may evolve, regulations may tighten, but trust remains the real moat.

His closing point lingered:
“A privacy vault isn’t just compliance. It’s customer lifetime trust.”

Know more about ETCISO: https://ciso.economictimes.indiatimes.com/

12/12/2025

“Every summit begins with a spark — a reminder of why we’ve gathered in the first place.”
That spark came from Sneha Jha, Editor – Special Initiatives, ETCIO & ETCISO, as she opened the ET CISO Data Protection & Privacy Summit 2025.

Her welcome note set the tone for the day: thoughtful, grounded, and sharply aware of the moment we’re all living through — a world where data moves faster than decisions, and trust has become an organization’s most valuable currency.

Know more about ETCISO: https://ciso.economictimes.indiatimes.com/

11/12/2025

We’re honoured to welcome Shahana Chatterji, Partner, Shardul Amarchand Mangaldas & Co., as a Partner Speaker at the 4th Edition of the ET CISO Data Protection & Privacy Summit.

A leading voice in technology, privacy, and regulatory law, Shahana brings unmatched expertise in guiding enterprises through complex legal frameworks, digital governance challenges, and the evolving compliance landscape under the DPDP Act.

📅 12 December 2025
📍 ITC Maratha, Mumbai

🔗 Register Now: https://ciso.economictimes.indiatimes.com/data-protection-privacy-summit

11/12/2025

We’re pleased to welcome Mayank Sharma, Data Protection Officer, CRISIL Limited, to the 4th Edition of the ET CISO Data Protection & Privacy Summit.

With expertise in data governance, privacy operations, and risk management across highly regulated sectors, Mayank brings sharp insights into building scalable, compliant, and future-ready privacy frameworks within large enterprises.

At the summit, he will discuss how organizations can:
✔ Implement DPDP-aligned privacy programs
✔ Strengthen data lifecycle controls
✔ Embed trust, accountability, and transparency into business operations

A must-attend session for leaders navigating India’s rapidly evolving data protection landscape.

📅 12 December 2025
📍 ITC Maratha, Mumbai

🔗 Register Now: https://ciso.economictimes.indiatimes.com/data-protection-privacy-summit

11/12/2025

We’re delighted to welcome Consentin by Leegality as an Associate Partner for the 4th Edition of the ET CISO Data Protection & Privacy Summit.

Consentin empowers enterprises to manage digital consent, data compliance, and regulatory workflows with secure, audit-ready, and privacy-first solutions built for India’s evolving digital landscape.

📅 12th December 2025
📍 ITC Maratha, Mumbai

🔗 Register Now: https://ciso.economictimes.indiatimes.com/data-protection-privacy-summit

10/12/2025

We’re delighted to welcome Manoj Dhingra, Cofounder and Director – India Business, Stellar Information Technology Pvt. Ltd., as a Partner Speaker at the 4th Edition of the ET CISO Data Protection & Privacy Summit.

With deep expertise in data recovery, data erasure, and enterprise information management, Manoj brings powerful insights into safeguarding business-critical data and building trust-centric digital environments.

📅 12 December 2025
📍 ITC Maratha, Mumbai

🔗 Register Now: https://lnkd.in/gEWR2N3W

10/12/2025

We’re delighted to welcome Kumar Priyank, Chief Privacy Officer & CEO, DPDP Consultants, as a Partner Speaker at the 4th Edition of the ET CISO Data Protection & Privacy Summit.

With deep expertise in privacy governance, DPDP Act compliance, and enterprise risk strategy, Kumar brings invaluable perspectives on how organizations can operationalize privacy, build accountable systems, and transition confidently into India’s new regulatory era.

At the summit, he’ll unpack:
✔ Actionable pathways for DPDP implementation
✔ Building privacy frameworks that scale
✔ Embedding trust and transparency into digital operations

A must-attend session for leaders shaping the future of responsible data management.

📅 12 December 2025
📍 ITC Maratha, Mumbai

🔗 Register Now: https://ciso.economictimes.indiatimes.com/data-protection-privacy-summit

10/12/2025

We’re delighted to welcome Shardul Amarchand Mangaldas & Co. (SAM & Co.) as a Supporting Partner for the 4th Edition of the ET CISO Data Protection & Privacy Summit.

Their insights into legal risk, regulatory readiness, and privacy governance add immense value to the summit’s conversations on building trusted, resilient, and compliant digital enterprises.

📅 12th December 2025
📍 ITC Maratha, Mumbai

🔗 Register Now: https://ciso.economictimes.indiatimes.com/data-protection-privacy-summit

ET CISO

12/12/2025

12/12/2025

12/12/2025

12/12/2025

12/12/2025

12/12/2025

11/12/2025

11/12/2025

11/12/2025

10/12/2025

10/12/2025

10/12/2025

Address

Website

Alerts

Contact The Business

Shortcuts

Share