Changing the mindset of management from treating Data Privacy as a cost centre to a compliance requirement has helped me overcome certain roadblocks during the implementation of the Data Privacy Framework.

Exclusive interview with Tanin Chakraborty, Global DPO, Biocon Biologics Ltd

Tanin Chakraborty is a seasoned Global Data Privacy Officer (DPO) at Biocon Biologics Ltd (Bengaluru), with extensive experience in global data protection and privacy compliance across various jurisdictions and industries. Certified in FIP, ISO 27001 LA, ISO 42001 LA, ISO 31000, CIPM, and CIPP/E, Tanin is a regular keynote speaker at prominent conferences and webinars, advocating for rigorous data security, data privacy implementation of GDPR or DPDP, AI & Privacy Challenge, and various other regulatory adherence.

Tanin is also on the Advisory Board for CyberSec India Expo 2025 – India’s 1st Trade Fair for the cyber security industry. 

In an exclusive interview with CyberSec India, Tanin spills the beans on his interest in this field, its future and most importantly – the current Digital Personal Data Protection Act. 

1.   What inspired you to pursue a career in data protection, and how has your journey evolved over the years?

My interest in compliance and its influence on privacy and security motivated me to pursue a career in data protection. Early in my career, I learned that as digital transformation progressed, so did the danger of sensitive data. This sparked my interest in cybersecurity and data protection, prompting me to research regulatory frameworks and risk management.

My trip has changed tremendously over time. I’ve had the opportunity to work in a variety of sectors, observing first-hand the issues that businesses confront when it comes to data security. Participating in thought leadership, speaking at conferences, and engaging with industry colleagues has broadened my viewpoint. The dynamic nature of data protection, with continually changing legislation and developing dangers, motivates me to stay current and contribute significantly to the industry.

2.   What are some of the biggest challenges you’ve faced in the field of data protection, and how did you overcome them?

One of the most difficult difficulties in data protection has been combining security and aligning doing business. Organisations frequently struggle to set effective privacy policies without hampering innovation. To solve this, I’ve prioritized privacy by design, ensuring compliance and security are effortlessly incorporated into company operations.

Another issue is managing a complicated and ever-changing regulatory framework. Global rules such as GDPR, CCPA, and India’s DPDP Act demand firms to be compliant. I’ve addressed this issue by encouraging continual learning, collaborating with industry experts, and building scalable compliance frameworks.

Finally, opposition to change inside an organization might be a barrier. I overcame this by raising awareness through training, gaining leadership support, and demonstrating the practical advantages of good data protection procedures for trust and company resilience.

Also, changing the mindset of management from treating Data Privacy as a cost centre to a compliance requirement has helped me overcome certain roadblocks during the implementation of the Data Privacy Framework.

3.     How has the introduction of laws like the Indian Digital Personal Data Protection Act shaped your role and responsibilities?

The introduction of the Indian Digital Personal Data Protection (DPDP) Act has had a huge impact on all Privacy Professionals who haven’t started the journey of privacy implementation, making compliance, governance, and stakeholder engagement more important than ever. As firms adapt to the new law, my primary focus has been on developing strong data protection plans, ensuring lawful processing, and cultivating a privacy-first culture.

As we know, a Data Protection Officer (DPO) plays an important function under the DPDP Act, responsible for monitoring compliance, advising on data processing activities, and serving as a liaison between the business and the Data Protection Board of India. This includes doing Data Protection Impact Assessments (DPIAs), managing complaints, handling data principle requests, and assuring risk management in data handling processes. My current responsibilities also include coaching organisations through these duties, improving transparency, and ensuring operational readiness for regulatory enforcement.

4.     What advice would you give to someone looking to build a career in data protection and privacy in India?

Continuous learning is essential for anyone seeking to advance their career in data protection and privacy in India. The privacy landscape is changing rapidly, with rules such as the DPDP Act, GDPR, and EU AI Act influencing global data governance. Staying up to current on these rules, attending industry forums, and earning necessary certifications will help build a solid foundation. 

A good privacy specialist must interact with employees, raise awareness, and incorporate privacy by design into organisational processes. Organisations acting as data fiduciaries must manage personal data responsibly, guaranteeing compliance and ethical data usage. Gaining skills in risk management, governance, and regulatory interpretation will be critical. Adaptability, proactiveness, and teamwork will distinguish professionals in this dynamic area.

5.     What trends or developments in data protection do you foresee having the biggest impact in India over the next five years?

 Over the next five years, emerging technologies such as artificial intelligence, quantum computing, privacy-enhancing technology, and sophisticated biometrics will redefine data protection in India. AI-powered decision-making and data processing provide new privacy issues, necessitating privacy professionals to stay ahead of hostile actors and ensure ethical AI use. Quantum computing presents future problems to encryption, making post-quantum cryptography a critical emphasis area.

With the DPDP Act and global requirements such as the EU AI Act, organisations—particularly those that have yet to begin their compliance journey—will be busy adapting. A cultural shift is required to create a privacy-conscious workforce, with programs such as International Data Privacy Day focusing on raising awareness. To protect data in this rapidly changing context, privacy and security experts must be proactive, always learning and integrating privacy by design.