Abstract
This article covers the increasing significance of data privacy and cyber security in today's business landscape and discusses the legal considerations that come into play when businesses collect, process, store and protect personal data. It asserts that data is not just operational information anymore but a valuable asset for business and at the same time can be a point of legal risk if it is mishandled, exposed or processed without proper security measures. The article highlights the Indian laws, including the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, to illustrate the new obligations on businesses regarding consent, security measures, notification of data breaches, children's data and accountability. It also examines the potential for regulatory penalties, claims for compensation, reputational damage and heightened regulatory attention to managerial and board-level oversight in the event of an incident or breach in the cyber realm. The article also notes on the compliance burden in sectors, practical challenges faced by Indian businesses, the importance of privacy by design, training, technical protection, audit program and better vendor management. It finds that data privacy and cybersecurity are now integral parts of legal governance and business survival and that businesses in India need to put in place more systematic and proactive compliance regimes to be able to do business responsibly in the digital economy.