India, Sept. 21 -- The passage of the Digital Personal Data Protection Act 2023 ("DPDP Act") has ushered in a transformative era for privacy governance in India. Businesses now face a crucial strategic decision whether to commence compliance preparations immediately or wait for the government to formally notify detailed rules. The latter approach, often driven by uncertainty and the desire to defer change, is fraught with risks that can jeopardize regulatory standing as well as corporate reputation. With Presidential assent, the DPDP Act is already a binding framework.

The core demands of the DPDP Act are both wide ranging and complex. At the heart of its requirements is the mandate to map every instance of personal data handling within ...