As AI continues to revolutionise various sectors, it also raises significant questions regarding governance and protection. There is a large amount of personal data that is consumed by AI platforms, where extensive autonomous decision-making takes place and personal data is processed. Organisations need to strike a balance between data privacy and leveraging data for innovation. At the crucial intersection of artificial intelligence (AI), the Digital Personal Data Protection (DPDP) Act, and the ethical considerations surrounding data privacy, DPDP provides some basic checks that organisations can adopt to ensure transparency, security, and compliance.
India’s data protection framework entered a critical implementation phase when Ministry of Electronics and Information Technology (MeitY) notified the Digital Personal Data Protection Rules, 2025 (DPDP Rules 2025). Issued as subordinate legislation under the Digital Personal Data Protection Act, 2023 (DPDP Act 2023), these Rules translate the Act’s principles into actionable compliance requirements. Together, the DPDP Act and DPDP Rules apply to the processing of digital personal data within India.
Rolled out in three phases, the DPDP Rules 2025 place strong emphasis on user consent, data security safeguards, data principal rights, and breach reporting obligations, with full compliance mandated by 13 May 2027. The DPDP Rules mark a pivotal milestone in this journey, underscoring that robust privacy governance is no longer merely a regulatory or reputational imperative, but a foundational element in building transparent, resilient, and sustainable organisations for the future.
Dynatrace platform
Dynatrace is a global observability and performance monitoring company with a strong and growing presence in India, serving large enterprises across highly regulated sectors such as banking, insurance, fintech, telecommunications, healthcare, and manufacturing. The Dynatrace platform is designed as an AI-driven, unified observability solution that spans applications, infrastructure, user experience, and security. They also offer professional services to provide architectural advisory, integrations, and optimisation support. Its India strategy focuses on a select set of high-value enterprise accounts, particularly in financial services, where regulatory scrutiny around data security, privacy, and operational resilience is intense. As digital transformation accelerates and industry boundaries blur – banks moving into fintech, telecom companies into financial services, and healthcare into digital retail – Dynatrace’s platform enables organisations to monitor, analyse, and optimise complex application environments in real time, while maintaining strict controls over sensitive data.
Nalin Agrawal, Director, Solutions Engineering at Dynatrace, stated: “DPDP compliance is not just about storing data in India. It extends to how data is collected, encrypted, accessed, and governed. While Dynatrace ensures the highest standards on our platform, customers must also have visibility and control across their applications, and that is where we help them.”
Companies like Dynatrace are already complying with data protection laws under the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA) for healthcare, or the System and Organization Controls (SOC 2), a voluntary trust-based audit standard in the United States. DPDP has necessitated India-specific implementations, most notably data localisation through the establishment of an India-based SaaS tenant. The Digital Personal Data Protection (DPDP) framework has a significant impact on Dynatrace’s business in India, both as a compliance requirement and as a value driver for customers.
Dynatrace does not capture personally identifiable information, limiting data collection to what is necessary for performance and security analysis. DPDP has heightened customer expectations around data privacy and loss detection, indicating areas where Dynatrace’s unified observability platform helps enterprises gain visibility across applications, identify data leakage risks in real time, and demonstrate regulatory compliance.
The DPDP is an ‘umbrella’ legislation, as it sets out only a high-level framework for India’s new data protection regime. However, the DPDP is still a significant step forward for data protection in India. This Act is a step towards showcasing India’s dedication to fostering a secure and trustworthy environment for both its citizens and businesses.