MADRAS MANAGEMENT ASSOCIATION

Presents

One day Workshop on 

DIGITAL PERSONAL DATA PROTECTION RULES 2025- INDUSTRY SPECIFIC 

Session-1: Setting DPDP Foundations for Privacy Compliance.

10:00 AM – 11:00 AM | Context Setting

Setting the Foundation for Privacy Compliance

• Why data protection and privacy matter for manufacturing organizations
• Evolution of India’s data protection regime
• Shift from IT Act framework to the DPDP Act, 2023
• Sector-specific risks for manufacturing entities (HR data, vendor data, customer data, operational data)
• Overview of compliance expectations under the DPDP Rules, 2025

11:00 AM – 12:00 PM | Overview of the DPDP Act & DPDP Rules

Understanding the Legal Framework

• Key definitions and scope under the DPDP Act
• Applicability to manufacturing entities
• Roles and obligations of Data Fiduciaries and Data Processors
• Rights of Data Principals
• Penalties, enforcement mechanism and role of the Data Protection Board
• Key compliance timelines under the DPDP Rules, 2025

12:20 PM – 1:30 PM | Consent Framework under the DPDP Act

Consent, Notice & Consent Managers

• Meaning and standards of valid consent
• Notice requirements under the Act and Rules
• Layered notices and plain language drafting
• Role and functioning of Consent Managers
• Withdrawal of consent and its operational impact
• Special considerations for employee data and vendor data

Practical Exercise:

• Drafting a compliant consent notice for a manufacturing organisation
• Identifying scenarios where consent can be dropped or replaced with legitimate use (including manufacturing-specific use cases)

2:30 PM – 3:30 PM | Data Security, Retention & Breach Preparedness

Operationalising Compliance

• Reasonable security safeguards under the DPDP Act
• Technical and organisational measures for manufacturing entities
• Data retention policies and lawful deletion
• Storage limitation and documentation requirements
• Preparing for data breaches: legal and operational readiness

3:30 PM – 3:45 PM | Data Breach & Incident Response

Regulatory and Practical Response

• What constitutes a personal data breach
• Breach notification requirements under the DPDP Rules
• Internal incident response workflows
• Coordination between legal, IT, HR and management
• Documentation and post-breach compliance

4:15 PM – 5:15 PM | Data Governance Framework

Building a Sustainable Privacy Program

• Data mapping and data inventory for manufacturing operations
• Data minimization and purpose limitation
• Privacy by design and default
• Internal audits and compliance reviews
• Accountability mechanisms and record-keeping

Third-Party Management:

• Vendor risk assessment
• Data protection clauses in vendor contracts
• Structuring Data Processing Agreements (DPAs)
• Managing cross-functional accountability

5:15 PM onwards | Interactive Q&A Session

• Sector-specific compliance questions
• Practical challenges in implementation
• Clarifications on grey areas under the Act and Rules

Key Takeaways

Clarity on Legal and Compliance Requirements:

Understanding applicability: Clear awareness of how the Digital Personal Data Protection (DPDP) Rules 2025 apply specifically to manufacturing settings — including employee, vendor, and plant data.Compliance timelines: Knowledge of the staggered roll-out (notification, 12-month, and 18-month milestones) and when different categories of obligations, such as breach reporting and consent management, become mandatory.

Legal accountability: Recognition of the company’s role as a data fiduciary vs. a data processor, and how liability extends to contractors, staffing agencies, and technology providers.

Practical Data Mapping for Manufacturing Environments.

Data flow identification: Ability to trace how personal data (of employees, contractors, and suppliers) moves within a plant and beyond — via HRMS, CCTV, IoT sensors, attendance systems, and vendor portals.

Classification frameworks: Categorizing data into sensitive vs. non-sensitive categories, determining which data qualifies as digital personal data.

Minimal data principle: Understanding how to apply “purpose limitation” — collecting only what is needed to run operations, including shift scheduling or machine optimization.

 Implementing DPDP Compliance Framework

Consent and notice design: Participants leave with templates for employee and vendor consent forms tailored to manufacturing operations (e.g., shift rostering, access control, safety tracking).

Right management systems: Clarity on how to operationalize data principal rights (access, correction, erasure) internally — including defined response times and escalation paths.

Security and storage standards: Knowledge of the technical safeguards required — encryption of IoT data, anonymization of production analytics, and secure retention/deletion rules.

Vendor and Supply Chain Risk Management

Third-party compliance controls: Participants gain an actionable checklist to assess vendor data handling capabilities before contract renewal or onboarding.

Model contract clauses: Familiarity with “DPDP-aligned” Data Processing Agreements (DPAs) and Standard Contractual Clauses for third-party and global vendors.

Audit-readiness: Understanding how to document compliance evidence (consent logs, DPIAs, and vendor audit trails) if inspected by the Data Protection Board.

Tools, Templates, and Action Plans

Practical toolkits: Hands-on templates such as:

-Data Inventory & Flow Mapping Sheet

-Breach Response Checklist (72-hour notification model)

-Factory IoT DPIA Format

-Employee Privacy Notice Template

First-90-days roadmap: Each participant drafts a personalized plan for their factory or organization, listing top 5 immediate and 5 medium-term compliance steps.

Risk Reduction and Business Value

Operational continuity: Understanding how proactive privacy measures reduce downtime, breach impact, and regulatory penalties.

Reputational trust: Positioning privacy compliance as a business differentiator, especially for exporters subject to global client audits or EU data regulations.

Cultural change: How to embed privacy awareness across plant supervisors, HR, IT, and contract workforce — turning compliance into an ongoing operational mindset.

These takeaways ensure that each participant not only understands the DPDP Rules 2025 but is ready to deploy a compliant privacy framework adapted to their manufacturing context.

Who can Attend

This one-day program suits professionals from auto-ancillaries, heavy engineering, electronics assembly, food processing, and pharma manufacturing—who manage employee monitoring, IoT/smart factory data, vendor ecosystems, and compliance risks under the phased DPDP rollout (effective from Nov 2025).

Ideal Roles and Seniority

Focus on decision-makers and implementers with 5+ years experience, who own HR/IT/operations budgets and report to plant heads or functional VPs:

Plant/Production Managers (key for IoT/CCTV data flows, shift tracking compliance).

HR/Administration Heads (handle employee PII, biometrics, attendance systems, contractor data).

IT/Cybersecurity Leads (secure factory networks, vendor portals, breach response playbooks).

Supply Chain/Procurement Managers (vendor DPAs, third-party risk assessments).

Compliance/Legal Officers (DPIA coordination, Board audit prep for Significant Data Fiduciaries).

FACULTY PROFILE

SUBATHRA MYLSAMY 

Managing Partner,
AK Mylsamy & Associates LLP

Ms. Subathra Mylsamy brings over two decades of legal excellence to India’s
legal landscape. Her expertise spans over corporate & cyber tech laws, privacy,
and AI governance along with intellectual property rights, As an AI governance
professional and Chairperson of the AI Ethics Committee of the Applied AI
Association India Chapter, she is a recognised voice. In the world of dynamic
legal developments she is an established speaker, engaging federations and
corporates. Her leadership seamlessly blends legal depth with technological
foresight.

As an AI Governance professional, she has designed and led multiple high-impact
workshops and executive programs that bridge the gap between AI innovation
and regulatory accountability. Her work focuses on translating complex AI and
technology risks into practical governance frameworks for businesses,
institutions, and policymakers

Vision & Thought Leadership
Subathra Mylsamy believes that sustainable innovation lies in aligning technology, law, and ethics. Her work focuses on
enabling responsible AI adoption, strong digital governance, and regulatory resilience, helping businesses innovate with
confidence while safeguarding trust, compliance, and societal impact. She brings a pragmatic, future-focused perspective
to how organisations navigate emerging technologies in an increasingly regulated digital economy.

Text block at your service. Replace this text with yours.