I hung up my uniform on the 12 January 2026 and joined BISIL on the 15 January 2026. Before I could get my bearings correct or get my North aligned (In military the first thing you do when you are out in open is find out which way is North, helps in keeping you focused on the direction), I was asked to attend a seminar on Digital Personal Data Protection Act at National Stock Exchange at Mumbai – on 16 January. Coincidentally aligning North is a concept used today in corporate world also for the CEOs.
That is, to have clear goals or terminal objectives because Clarity is the quiet force behind confident leadership. Yes I was made to hit the ground sprinting !! (pun intended).
But that one day sitting in the hall with such eminent speakers, all stalwarts in their field was great bedding in for me to understand the nuances of DPDPA more so from the point of view of the seriousness which the BFSI/ Education/ Retail/ Health etc sectors need to accord to it.
Statutory and penal actions may be the reason for organisations to implement DPDPA but as an ex-olive green it got me thinking. Is it only these penalties which should worry us? Are the ways of war fighting changing? We have seen during recently conducted Op Sindoor, how a new domain was exploited by us to deliver a powerful blow to our adversary.
Well that was the physical border. So is there a new border created – The Digital Border. And I am convinced there is. Data is the new currency. So is the DPDPA only a statute for implementation or is it a matter of National Security also.
A lot of questions were in my mind and then I decided to put some words to my thoughts. Where do I begin? If it is a national security matter then there must be some principals of military which can apply to the DPDPA canvas. So from now on what will follow is a series of a blogs which compares DPDPA and military thoughts.
And I will like to narrate a story here – Once while taking a round of my unit, I saw a post which had no sentry standing. Not a very important post, but then not occupied. I immediately called the stake holders to my office. The incident was checked and the sentry had gone for a short bio break (body demands). Option was to let it go but then I decided to give some punishment to the sentry. My chain of Command said “Sir luckily no incidence has taken place, everything is fine so let it go”. I just gave them one simple statement – It does not matter if something was stolen, what matters is that the post was vacant to be exploited.
Fast forward to 16 January – Many organisations must be thinking we can look at DPDPA with ease, no hurries. No breach has taken place till date. Mind you, you have been lucky, and DPDPA safeguards if not adopted now your DOOR IS STILL OPEN to be exploited.
DPDPA removes that luck factor and focuses on process, accountability and safeguards, because breaches don’t announce with a big bang but start with small acts of complacency/ inadvertent mistakes.
Keep visiting for more such stories….
