Winpe’s Women on Boards initiative is reshaping board leadership by advancing high-caliber, board-ready women. Through partnerships with progressive companies and targeted board-prep programs, it offers curated talent and strategic engagement models that strengthen governance and support DEI goals.

The recent session on India's Digital Personal Data Protection Act (DPDPA) 2023 and DPDP Rules 2025, led by expert speakers, delivered a thoughtful and engaging discussion on a critical, timely topic. It resonated strongly with participants, earning outstanding feedback, high speaker ratings, and clear learning outcomes.

The session provided a focused overview of the DPDP Act, unpacking key provisions and highlighting the evolving role of boards in data privacy, risk oversight, and accountability, with an interactive format that deepened understanding and practical insight.

Catch the full recording here

Join our Women on Boards community to gain access to curated board opportunities and stay informed on upcoming sessions, insights, and engagements through our WhatsApp group.

👉 Join our peer community     👉 Join the WhatsApp Group

Session Takeaways:

• Board-Level Accountability: Data privacy must be treated as a core element of corporate governance and enterprise risk management, not merely a compliance requirement.
• Consent Architecture: Organisations must implement purpose-specific, granular, and unbundled consent mechanisms, supported by clear, layered privacy notices and auditable consent records, including the ability to operationalise withdrawal of consent.
• Operationalising Data Principal Rights: Systems must enable practical and efficient execution of data principal rights, including access, correction, erasure, and nomination, supported by robust data retrieval capabilities and structured grievance redressal mechanisms.
• Defensible Compliance Frameworks: Compliance must be demonstrable through comprehensive documentation, embedded controls, regular audits, and strong audit trails to withstand regulatory scrutiny.
• Breach Readiness & Response: Organisations should establish clear escalation protocols and ensure readiness to notify regulators and affected stakeholders within prescribed timelines, supported by forensic and reporting capabilities.
• Significant Data Fiduciary (SDF) Preparedness: Organisations must proactively assess data volume, sensitivity, and risk exposure, and be prepared to implement enhanced governance measures, including Data Protection Impact Assessments (DPIAs), mandatory audits, and the appointment of a resident Data Protection Officer.
• Data Lifecycle Management: Organisations must clearly distinguish between essential and optional data processing, with defined retention schedules and automated deletion or anonymisation workflows to minimise risk and liability.
• Heightened Focus on Sensitive Data: Organisations handling financial, health, Aadhaar-linked, or children’s data must implement enhanced safeguards and comply with overlapping sectoral regulations.
• Private Equity & Portfolio Oversight: Data privacy considerations must be embedded into due diligence, valuation, and ongoing portfolio monitoring, with a focus on sector-specific risks and compliance maturity across investee companies.