“CORPORATE DATA PROTECTION OBLIGATIONS IN INDIA: A CRITICAL STUDY OF COMPLIANCE AND ENFORCEMENT CHALLENGES”

AUTHOR – PALLAVI DIXIT. STUDENT AT AMITY UNIVERSITY LUCKNOW CAMPUS

BEST CITATION – PALLAVI DIXIT, “CORPORATE DATA PROTECTION OBLIGATIONS IN INDIA: A CRITICAL STUDY OF COMPLIANCE AND ENFORCEMENT CHALLENGES”, INDIAN JOURNAL OF LEGAL REVIEW (IJLR), 6 (4) OF 2026, PG. 299-313, APIS – 3920 – 0001 & ISSN – 2583-2344.

Abstract

The increasing reliance on digital technologies and data-driven business models in India has intensified concerns regarding the protection of personal data and the accountability of corporations handling such information. This research paper examines the legal and regulatory framework governing corporate data protection obligations in India, with a particular focus on compliance requirements and enforcement challenges. It analyses the evolution of data protection laws from the Information Technology Act, 2000 to the more comprehensive regime established under the Digital Personal Data Protection Act, 2023, highlighting the shift from a negligence-based approach to a compliance-driven and accountability-oriented framework.

The study explores key concepts such as corporate accountability, due diligence, data governance principles, and the nature of data breaches, while critically evaluating the obligations imposed on corporations as data fiduciaries. It further identifies significant challenges in implementation, including regulatory capacity constraints, compliance burdens on organisations, delays in breach detection and reporting, and gaps in enforcement mechanisms. Through doctrinal analysis, case law references, and comparative insights from international frameworks, the paper assesses the effectiveness of the current legal regime in ensuring corporate accountability.

The research finds that although the DPDP Act represents a substantial improvement in strengthening data protection and corporate responsibility, its effectiveness is contingent upon robust enforcement, institutional capacity, and clarity in regulatory guidelines. The paper concludes by recommending measures to enhance compliance, strengthen enforcement mechanisms, and promote a culture of responsible data governance. It argues that effective corporate accountability requires moving beyond formal compliance towards proactive risk management and sustained commitment to data protection in India’s evolving digital ecosystem.

Keywords: Corporate Data Protection, Data Breach, Corporate Accountability, Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, Compliance, Enforcement Challenges