Indian banks must urgently embrace AI, privacy technologies to comply with DPDP Act: Report
New Delhi [India], June 9 (ANI): Indian banks must urgently adopt artificial intelligence (AI), privacy-enhancing technologies (PETs), and privacy-by-design strategies to effectively comply with the Digital Personal Data Protection Act (DPDPA), according to a report released by Protiviti.
The report, titled “Navigating DPDPA in Banking: Compliance, Impact, and AI-Powered Strategies for Futureproofing”, was unveiled at the 4th IBA CISO Summit 2025, hosted by the Indian Banks’ Association.
It highlighted that the regulatory and operational impact of DPDPA will be far-reaching, and banks must re-engineer their critical functions to align with privacy-by-design principles in order to meet the requirements of India’s most comprehensive data protection law to date.
The report offered sector-specific insights, guiding banks on how to harmonise DPDPA compliance with existing regulations issued by the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI).
It also identified unique privacy risks for the banking sector, including algorithmic profiling, third-party data sharing, and challenges in managing customer consent. The report presented an operational playbook to help banks integrate privacy-by-design principles across core functions such as Know Your Customer (KYC) and fraud detection, along with strategies to automate compliance efforts.
Furthermore, the report highlighted the role of technology and AI in enabling scalable and efficient privacy solutions.
Protiviti noted that due to the volume and sensitivity of personal data handled, banks are likely to be classified as Significant Data Fiduciaries (SDFs) under DPDPA. This status brings enhanced obligations such as conducting Data Protection Impact Assessments (DPIAs), ensuring algorithmic transparency, performing regular data audits, and appointing a Data Protection Officer (DPO).
The report advised that compliance should not be treated as a one-time project but rather approached through a risk-based, adaptive operating model that can evolve with emerging threats, regulatory developments, and technological advancements. It also encouraged banks to embed AI wherever suitable to enhance operational efficiency and streamline privacy management.
The report also pointed out the urgent need for stronger data governance, cross-functional accountability, and AI-driven privacy solutions within the banking sector. It stressed that regulatory alignment, customer trust, and digital innovation must move forward together.
It also noted that the DPDPA will overlap with sector-specific guidelines from RBI and SEBI, adding new layers of compliance.
For instance, existing RBI data retention rules will need to align with DPDPA’s principles of data minimization and storage limitation, while breach reporting obligations must cater to both financial regulators and the new Data Protection Board of India.