
Navigating Compliance: Data Protection Rules and Cyber Insurance in 2025
The draft Digital Personal Data Protection Rules, 2025 provide businesses with wide-ranging baseline security requirements, from encryption to breach detection. For organisations that would have to mandatorily notify breaches within 72 hours to regulators as well as to the affected parties, a multi-layered approach will be necessary to manage compliance and incident response, said Evaa Saiwal, Head of Cyber Insurance, Policybazaar for Business.
For digital-first companies, the new rules set out clear expectations regarding data protection and mandate baseline security measures and specific retention timelines, such as 3 years for certain categories. While compliance is the need of the hour, for businesses that have 2 crore+ users in India, a comprehensive risk management strategy is a must. Cyber insurance can offer an additional layer of protection for organizations to navigate compliance requirements and breach scenarios under the Digital Personal Data Protection Act, 2023.
The Rules require an immediate report and documentation of breaches, which calls for the presence of rapid response capabilities. Although proper security is foundational, cyber insurance can play a very important role in the event of a breach and in its response and recovery. Progressive businesses combine good security practice with cyber insurance coverage to establish a holistic approach to data protection that aligns with regulatory needs and business continuity.