State of Data Privacy in India Survey Report 2024 Our survey captured the perspectives of executives on how well the measures outlined in the Act address significant privacy concerns and challenges. Executive Summary The Digital Personal Data Protection Act, 2023, is a pivotal government initiative aimed at strengthening privacy protections in the digital age. Confederation of Indian Industry (CII) and Protiviti partnered to conduct a comprehensive survey on the preparedness of Indian industries for data privacy and the Digital Personal Data Protection (DPDP) Act. This collaboration sought to assess compliance readiness, identify challenges, and highlight best practices across sectors. The survey results offer strategic insights and guidance to help businesses navigate the evolving data privacy landscape and align with the DPDP Act.Our survey captured the perspectives of executives on the extent to which the measures outlined in the Act address significant privacy concerns and challenges. By analysing the responses, we gained insights into the overall effectiveness of the Act in safeguarding personal data and privacy rights. This included examining broader aspects of data privacy across organisations in India, focusing on:Perception and AwarenessKey Drivers impacting PrivacyPrivacy GovernancePrivacy Programme MaturityEmbracing TechnologyRespondents represented a diverse range of industries, including BFSI, Information Technology, Hospitality, Manufacturing, Media & Telecom, and others, from mid-level to executive management positions. Download Survey Report Our survey captured the perspectives of executives on how well the measures outlined in the Act address significant privacy concerns and challenges. Key Findings: Over 60% of companies are engaged in practices that raise data privacy concerns.A significant 52% of organisations have experienced a data breach within the past 5 years.While 56% view the DPDPA 2023 with confidence, 44% remain skeptical or uncertain.Only 39% of larger organisations currently have a dedicated Data Privacy Office.44% of organisations lack a proactive approach to incident response strategies.Compliance with regulatory and increasing contractual obligations is the primary driver for establishing privacy programmes in 51% of organisations.Managing consent and data principal access requests is the top privacy concern, followed closely by the visibility of personal data.Automation efforts are primarily focused on privacy rights and consent management, as well as data governance, yet only 24% feel prepared for the privacy challenges posed by emerging technologies.Over 60% of organisations have documented data privacy policies and procedures in place, with the Information Technology and Financial Services sectors leading the way.