Devroop Dhar, Co-founder & Managing Director, Primus Partners, shares his view on the Draft Digital Personal Data Protection Rules, 2025. He highlights that a unified reporting mechanism could streamline and centralize the data breach notification process, reducing administrative burdens while allowing companies to focus on effective mitigation.

The proposed 72-hour timeline for breach reporting aligns with global standards, but its implementation will require robust security and compliance frameworks. The rules introduce opportunities and challenges, particularly around data localization. While increased demand for local data storage may boost India's data center industry, scaling infrastructure to meet this demand will require significant investment in security, maintenance, and sustainability measures.