As the world marks Data Privacy Day on January 28, debate over personal data has shifted decisively. What was once framed largely as a compliance obligation is now being treated by technology and security leaders as a question of trust, resilience and long-term competitiveness in an economy increasingly shaped by artificial intelligence and cloud computing.
Across industries, executives say the challenge is no longer whether data will be exposed, misused or misinterpreted, but whether organisations are structurally prepared for that reality.
“Data privacy has become a foundational pillar of digital trust, especially as enterprises accelerate AI adoption,” said Vaibhav Tare, chief information security officer (CISO) at Fulcrum Digital. He said organisations in India’s evolving regulatory landscape must move beyond checkbox compliance and embed privacy into systems, processes and AI models from the outset.
That view is echoed by Sunil Sharma, managing director and vice president for India and SAARC at Sophos, who said data protection had become a core business priority rather than a regulatory exercise.
“As organisations increasingly adopt AI, cloud and digital-first operating models, the volume and sensitivity of data being created continues to grow, making it an attractive target for cybercriminals,” he said.
From compliance to architecture
In addition, data privacy is increasingly being treated as a board-level concern rather than a purely technical issue, executives say.
Data now underpins revenue growth, partnerships and operational resilience, making trust a commercial consideration shaped by how responsibly information is governed across its lifecycle.
Rizwan Patel, global head of cloud, information security and emerging technologies at Altimetrik, said privacy-by-design was becoming a strategic requirement as digital platforms and AI-driven models expanded both opportunity and risk.
“Trust now functions as a business currency,” Patel said, adding that compliance alone was no longer sufficient to build confidence at scale.
Several executives also pointed to India’s Digital Personal Data Protection Act (DPDP Act) as a turning point that is forcing companies to rethink how data is handled across its entire lifecycle.
Balaji Rao, area vice president for India and SAARC at Commvault, said privacy by design had moved from principle to performance requirement across cloud platforms, multi-cloud environments and AI-driven workflows. He said regulatory readiness increasingly depended on real-time visibility and policy-driven governance in systems where data and identities are widely distributed.
“Enterprises that architect privacy and resilience directly into cloud data platforms establish a durable foundation for compliance and business continuity,” Rao said.
For some, the shift is as much about infrastructure as policy. Avaneesh Kumar Vats, vice president of information technology at Techno Digital, said privacy outcomes increasingly depended on where data resides and how it flows across distributed environments.
“As India advances into the next phase of the DPDP Act, enterprises must re-architect digital foundations with privacy as a core design principle, not a compliance afterthought,” Vats said, pointing to the rapid expansion of data centres and AI workloads.
AI raises the stakes
Artificial intelligence has added a new layer of urgency to privacy debates, executives said, as models consume vast volumes of data and operate with limited transparency.
“As organisations integrate generative AI, the risk of sensitive data leaks has shifted from a possibility to a near certainty,” said Pratik Shah, managing director for India and SAARC at F5.
He said traditional security tools were ill-suited to manage the unpredictable behaviour of AI models, making real-time guardrails essential across the AI lifecycle.
At Akamai Technologies, director of security technology and strategy Reuben Koh said the speed at which data now moves across cloud platforms, APIs and intelligent systems requires equally fast discovery and protection mechanisms.
“In an AI-driven world where data is a precious commodity, privacy is a continuous responsibility,” he said.
Bernard Montel, field chief technology officer at Tenable, said AI was also changing the threat landscape itself. “Cybercriminals are weaponising AI, making attacks faster, smarter and harder to detect,” he said, adding that organisations were also introducing new risks through autonomous digital identities operating inside sensitive systems.
Identity, access and control
Many tech leaders pointed out identity as the new fault line in data privacy.
“Data privacy in 2026 has reached a breaking point,” said Vijender Yadav, CEO and co-founder of Accops. He said generative AI had made it easier to spoof identities and bypass traditional authentication, pushing organisations to rethink how data is isolated and accessed.
“True privacy now depends on isolating the data rather than trusting the login,” Yadav said, arguing for architectures where sensitive resources remain hidden by default.
The focus on identity also extends to customer interactions. Nicholas Kontopoulos, vice president of marketing for Asia Pacific and Japan at Twilio, said trust is often won or lost in a single digital message. He cited research showing Indian consumers are willing to wait longer or even pay more if it improves security and control over their data.
“If consumers cannot immediately recognise who is speaking to them or why a message was sent, confidence is lost before the conversation begins,” he said.
Beyond security silos
Executives in regulated sectors such as banking and financial services warned that privacy, cybersecurity and financial crime risk can no longer be managed separately.
Anuj Khurana, co-founder and CEO of Anaptyss, said ungoverned use of AI, often described as shadow AI, had emerged as a major contributor to breach costs in India. He said financial institutions must embed privacy by design into risk and compliance systems rather than layering controls after deployment.
“Responsible data and AI governance is no longer optional,” Khurana said. “It is foundational to trust, resilience and sustainable innovation.”
Others emphasised that privacy is also about data quality and integrity. Amit Relan, chief executive and co-founder of mFilterIt, said privacy frameworks only work when the data entering systems is genuine, consented to and free from manipulation.
“Privacy is no longer just about compliance, it is about credibility,” Relan said.
Infrastructure choices matter
Some technology leaders argued that data privacy is increasingly shaped by infrastructure decisions rather than policies alone.
Richard Copeland, CEO of Leaseweb USA, said privacy had become a direct function of architectural choices as trusted execution technologies made it possible to secure data at the hardware and memory level. He said this was driving interest in multi-cloud and regional infrastructure models that reduce dependence on single providers.
Roger Brulotte, CEO of Leaseweb Canada, said organisations are reassessing where their data lives as AI becomes central to operations. He said concerns around jurisdiction, continuity and control are pushing companies towards hybrid and sovereign infrastructure strategies.
“Data privacy is becoming a practical engineering issue, not a theoretical one,” Brulotte said.
Trust as the differentiator
Despite differences in emphasis, a common theme runs through the industry’s views. Privacy is no longer a static obligation tied to regulation, but a dynamic capability that shapes how organisations innovate, scale and earn trust.
Tejesh Kodali, group chairman of Blue Cloud Softech Solutions, said protecting data must be embedded into business strategy rather than treated as an afterthought.
Agreeing, Vaibhav Patkar, risk and security solutions advisor at Orient Technologies, said aligning security practices with global standards enables organisations to innovate securely while protecting stakeholder confidence.
As India’s digital economy expands, technology executives say the winners will not be those that collect the most data, but those that can demonstrate control, accountability and restraint in how it is used.
In that sense, Data Privacy Day has become less about awareness and more about reckoning.
