Data Privacy Day: why trust, consent and control now define digital business

Data privacy is no longer a background concern. It sits at the centre of how digital trust is built, tested and, often, lost.

Every message a customer receives, every consent box they tick and every invisible data exchange happening behind the screen shapes that trust. As digital interactions deepen across banking, commerce, healthcare and public platforms, the margin for error has shrunk. One unclear message. One unexplained data request. And confidence slips away.

What stands out today is a clear shift in expectations. Users are not rejecting digital services. They are demanding control. They are willing to wait, pay more and even compromise on speed if security and transparency are visible upfront. From verified messaging and consent-driven data sharing to privacy-by-design architectures and responsible AI governance, organisations are being asked to prove their intent before they prove their innovation.

On Data Privacy Day, industry leaders across communications, financial services, infrastructure, analytics, cybersecurity and automation echo the same reality. Privacy is no longer a compliance task handled in isolation. It is now a business imperative, a risk discipline and a foundational layer of digital trust. And it is earned one interaction at a time.

Nicholas Kontopoulos, Vice President of Marketing - Asia Pacific & Japan, Twilio -

“Trust is often won or lost in a single customer message. If consumers cannot immediately recognise who is speaking to them or why a message was sent, they will not engage and confidence is lost before the conversation begins. Our latest Digital Patience research shows that people in India stay patient when they feel in control. The data shows that 63% will accept a short wait if it delivers better security. Additionally, 38% prioritise keeping their personal data is safe when interacting with a brand via digital channels, and 56% would even pay extra for peace of mind. The mandate is clear. Prove identity upfront and make privacy visible. To keep customers, you must prove who you are immediately. Using verified messaging experiences across email and WhatsApp Business can help address this challenge. Clear sender identity and consistent branding signal legitimacy and responsible data use helps customers engage with confidence. On top of that, explain what you collect and why, and ask for consent before you act. When customers feel secure and in charge, they stay loyal. In digital business, trust is earned one message at a time.” 

Manoj Paul, MD, Equinix India:

“As India enters a more mature phase of its digital economy, responsible data governance is being sharpened through the implementation of the Digital Personal Data Protection Rules (DPDP). The Rules place accountability, transparency and user consent at the centre of data-driven growth, at a time when digital services are becoming deeply embedded across financial services, healthcare, manufacturing and public infrastructure. In this evolving landscape, Equinix plays a central role by providing secure, neutral and globally interconnected digital infrastructure that helps organisations manage data responsibly while maintaining compliance and performance.

By enabling scalable architectures and trusted interconnection ecosystems, Equinix supports enterprises as they navigate the operational and governance requirements of the DPDP framework. On Data Privacy Day, Equinix reaffirms its commitment to supporting our customers in upholding the highest standards of data protection and digital trust.

We remain dedicated to empowering businesses with secure, resilient and compliant infrastructure with accessibility to digital ecosystems in India and worldwide. By working alongside customers, partners and policymakers, Equinix continues to support a future where innovation thrives on a foundation of trust, security and responsible data stewardship.”

Maurizio Garavello, SVP for Asia Pacific & Japan, Qlik.

“As AI becomes more autonomous, data privacy stops being a compliance checkbox and becomes a design principle. You can’t build trusted AI on opaque data or unclear ownership. Organisations need to know where data lives, who can act on it, and how decisions are governed – especially as agents begin to operate on their behalf. Privacy, governance, and transparency are what turn AI from a risk into a reliable partner. Without that trust layer, scale simply won’t happen”

Drew Bagley, VP and Counsel, Privacy and Cyber Policy, CrowdStrike

“Data Privacy Day is a reminder that privacy and cybersecurity rise or fall together, and those strategies must always be aligned. With AI becoming embedded across the enterprise and driving workflows, and constant data movement, we almost take for granted the new paradigm for access to and sharing of data. But real protection depends on visibility, privacy by design, and resilience that operates in real time.”

Peter White, Chief Product Officer, Automation Anywhere,

“As agentic systems operate with increasing autonomy and process unprecedented volumes of sensitive data, privacy is no longer optional. It is core infrastructure for responsible AI and automation. Embedding security and privacy by design at the architectural level is a critical element that will define systems which can scale from pilots to real-world operational usage. When privacy and security are built-in, organisations can move fast without breaking trust and introducing unnecessary risks.”

Achyuth Krishna, Head of Enterprise IT, Security, and Procurement, Whatfix:

“Generative AI has turned data into a double-edged sword. While it drives unprecedented automation, the cost of a single misstep has risen to nearly USD 4.5 million per IBM's 2025 Cost of a Data Breach Report. To thrive in 2026, leadership must shift from "defensive" privacy to "offensive" trust. The Strategy for 2026:

1. Democratize Control: Replace opaque data collection with user-centric dashboards. When users have clear sightlines into how AI uses their data, adoption friction disappears.

2. Anticipate the Threat: Move toward AI-driven security that identifies behavioural anomalies in real-time. Resilience must be embedded in the code, not just the firewall.

3. Embrace Regulatory Rigor: Treat the DPDP Act and GDPR not as constraints, but as blueprints for data minimisation. Collecting only what is necessary reduces the "attack surface" and streamlines operations.

A PwC's 2025 Responsible AI Survey confirms the shift that 60% of executives report responsible AI practices directly drive ROI and efficiency. By building with privacy at the core, organizations don't just protect their data, they protect their future. At Whatfix, this philosophy guides how we operate and build. Data privacy and security are embedded across our product suite through privacy-by-design, AI-driven threat detection, automated safeguards, and strong internal practices, including continuous employee training. By placing trust at the centre, we help create digital systems that are secure, resilient, and built for the future.” 

Avaneesh Kumar Vats, VP – Information Technology, Techno Digital

“As India advances into DPDP Act’s next phase, enterprises must re-architect digital foundations with privacy as a core design principle, not a compliance afterthought. With cloud scale exploding, AI workloads surging (26% of firms are AI-mature), and data sovereignty demands rising, privacy outcomes hinge on upstream infrastructure: where data resides, flows, and is governed across distributed environments.

At Techno Digital, we embed privacy-first infrastructure for sustainable growth. India’s data centers jumping 66% to 1.5 GW by 2026 amid $3.8B investments and a digital economy eyeing 20% of GDP by 2030, handling exploding AI data layers like prompts, logs, and inferences. Enterprises demand visibility, control, auditability, and local protection in hyperscale/edge setups, exactly what our designs deliver.

In this new regime, organisations investing in privacy-first architectures, granular data controls, auditable data flows, and sovereign infrastructure will not only stay compliant but also gain customer trust, regulatory resilience, and competitive advantage in India’s data-driven economy.

As India emerges as a digital superpower, trust defines success. Resilient infrastructure enforcing privacy-by-default will power this USD 100B+ decade of innovation. Our commitment: confident scaling with privacy in the backbone.”

Pratik Shah – Managing Director- India & SAARC, F5

“As organisations integrate generative AI, the risk of sensitive data leaks has shifted from a possibility to a near certainty. Traditional security systems simply cannot manage the unpredictable nature of AI models. To use this technology responsibly, enterprises must implement real-time AI guardrails and proactive controls that provide a safety net across the entire AI lifecycle.

By automating data protection, we empower businesses to innovate rapidly without compromising user privacy or regulatory compliance. We are building a future where AI is inherently secure, protecting the digital trust of every citizen and enterprise in the country.”

Piyush Agarwal, SE Leader-India, Cloudera

“The data privacy landscape is rapidly evolving with the increase in diverse data volumes, constantly changing regulations, and the rise of advanced cyber threats. Organisations must now navigate this AI-driven environment, managing its inherent complexity and massive scale. Reflecting on this reality, Cloudera’s recent research shows that 63% of Indian IT leaders cite data privacy as a top concern making it a strategic barrier to scaling AI. With India’s Digital Personal Data Protection (DPDP) Act, 2023 laying the groundwork for data sovereignty, Cloudera believes that the future of responsible AI is built on strong data foundations that help enterprises accelerate innovation while navigating risk, ethical considerations, and the need to make data privacy an essential pillar of trust, agility, and efficiency."

BG Mahesh, CEO, Sahamati

“This Data Privacy Day is a reminder that true data protection is not about restricting use, but about giving citizens meaningful control over how their data is shared and used. The Account Aggregator framework embodies this shift by placing consent at the centre of India’s financial data flows, allowing individuals to decide who can access their information and for what purposes. The Account Aggregator ecosystem has long been aligned to reflect the spirit of India’s DPDP framework, with explicit customer consent embedded by design. As these systems scale, privacy-preserving technologies such as confidential computing, where data is processed within trusted, secure environments without being exposed, will be essential to ensure insights can be generated without eroding trust. This approach can unlock innovation at scale while strengthening confidence in India’s digital public infrastructure for the years ahead.”