New Delhi, June 9
Indian banks must urgently adopt artificial intelligence (AI), privacy-enhancing technologies (PETs), and privacy-by-design strategies to effectively comply with the Digital Personal Data Protection Act (DPDPA), according to a report released by Protiviti.
The report, titled "Navigating DPDPA in Banking: Compliance, Impact, and AI-Powered Strategies for Futureproofing", was unveiled at the 4th IBA CISO Summit 2025, hosted by the Indian Banks' Association.
It highlighted that the regulatory and operational impact of DPDPA will be far-reaching, and banks must re-engineer their critical functions to align with privacy-by-design principles in order to meet the requirements of India's most comprehensive data protection law to date.
The report offered sector-specific insights, guiding banks on how to harmonise DPDPA compliance with existing regulations issued by the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI).
It also identified unique privacy risks for the banking sector, including algorithmic profiling, third-party data sharing, and challenges in managing customer consent. The report presented an operational playbook to help banks integrate privacy-by-design principles across core functions such as Know Your Customer (KYC) and fraud detection, along with strategies to automate compliance efforts.
Furthermore, the report highlighted the role of technology and AI in enabling scalable and efficient privacy solutions.
Protiviti noted that due to the volume and sensitivity of personal data handled, banks are likely to be classified as Significant Data Fiduciaries (SDFs) under DPDPA. This status brings enhanced obligations such as conducting Data Protection Impact Assessments (DPIAs), ensuring algorithmic transparency, performing regular data audits, and appointing a Data Protection Officer (DPO).
The report advised that compliance should not be treated as a one-time project but rather approached through a risk-based, adaptive operating model that can evolve with emerging threats, regulatory developments, and technological advancements. It also encouraged banks to embed AI wherever suitable to enhance operational efficiency and streamline privacy management.
The report also pointed out the urgent need for stronger data governance, cross-functional accountability, and AI-driven privacy solutions within the banking sector. It stressed that regulatory alignment, customer trust, and digital innovation must move forward together.
It also noted that the DPDPA will overlap with sector-specific guidelines from RBI and SEBI, adding new layers of compliance.
For instance, existing RBI data retention rules will need to align with DPDPA's principles of data minimization and storage limitation, while breach reporting obligations must cater to both financial regulators and the new Data Protection Board of India.
— ANI
Reader Comments
Finally! Our banks need to catch up with global data protection standards. Too many cases of fraud and data leaks happening. AI can help but must be implemented carefully - we don't want another Aadhaar data breach situation. Hope RBI monitors this closely.
As someone who works in fintech, this is much needed but will be challenging. Public sector banks will struggle more than private ones. The cost of implementation will be huge - hope this doesn't get passed on to customers through higher charges 😕
Good move, but I'm concerned about small regional banks. They don't have resources like SBI or HDFC. Government should provide support or we'll see more mergers. Also, what about rural customers who still prefer cash? Digital divide is real bhai!
AI for privacy sounds contradictory no? 🤔 Banks already use our data for unwanted marketing calls. Hope this law has strong penalties for violations. Last month ICICI called me 8 times for credit card offers after I took a loan!
Excellent report! India is becoming a global leader in digital governance. DPDPA + UPI + Account Aggregator framework will make our banking system world-class. But implementation is key - hope banks don't treat this as just another compliance checkbox exercise.
Privacy is important but what about financial inclusion? My mother in village finds digital banking difficult. Banks must balance tech upgrades with basic services for all. Also, training staff is crucial - many bank employees themselves don't understand these technologies properly.