India has taken a major step in reshaping its digital future. After years of drafts and debate, the country has finalized the Digital Personal Data Protection Act (DPDPA) and issued detailed rules that bring the law fully to life. With implementation now scheduled over the next 18 months, organizations have clear timelines and a more definitive view of the significant compliance work ahead. 

In this episode, host Scott Loughlin is joined by Stephen Mathias, partner and head of the Bangalore office at Kochhar & Company, and Hogan Lovells partner Charmian Aw, who leads the Hogan Lovells APAC Data, Privacy and Cybersecurity practice. Together, they discuss the core features of India’s new law, including its consent-based framework, extraterritorial reach, and parallels with the EU GDPR. 

The conversation covers the key steps companies should be taking now, from redesigning data architecture and consent flows to assessing breach response readiness. The episode also explores global business implications, enforcement expectations, and how the DPDPA fits into the broader regional privacy landscape. 

Whether you’re operating in India or serving customers there, this discussion offers practical insights on what’s changing, why it matters, and how to prepare.