Cyril Amarchand Mangaldas regularly counsels on the rapidly evolving regulatory landscape, including matters relating to prepaid instruments, tokenisation, and restrictions on real money gaming.
Data protection in India
Cyril Amarchand Mangaldas
CMS INDUSLAW
CMS INDUSLAW advises on a wide range of areas, including regulatory compliance, data governance, privacy programme management, cybersecurity, breach response, cross-border data transfers, risk mitigation, and policy advocacy. Avimukt Darr is a prominent figure, assisting both domestic and international clients in navigating India’s economic landscape, with experience spanning investments, data protection, e-commerce and fintech. Suneeth Katarki specialises in private equity and venture capital investments, and corporate restructurings. Namita Viswanath focuses her practice on software, cloud-based solutions, AI and machine learning, IT, intellectual property, strategic business acquisitions, and entertainment, alongside advising on associated legal, regulatory, and policy issues.
Autres avocats clés:
Suneeth Katarki; Namita Viswanath; Avimukt Dar; Shreya Suri
Les références
‘The firm has the ability to come up with alternate solutions to business challenges when the initially received solutions were called out to be conservative.’
‘The firm handholds clients to effective regulatory engagements upon being made aware of a knowledge or experience gap on novel challenges.’
‘Provide bespoke solutions to problems. They work at the forefront of technological advancements.’
Principaux clients
Pacific International Lines (Private) Limited
Angel One Limited and its group companies
Delhivery Limited
Open Network for Digital Commerce
Sporta Technologies Private Limited (“Dream11”)
Vivish Technologies Private Limited (“MyGate”)
Swiggy Limited (“Swiggy”)
Google Cloud India Private Limited
Bread Financial Global Solutions India LLP
Uniphore Software Systems Private Limited
Yulu Bikes Pvt Ltd
Blue Pencil Strategies Private Limited
Moonfrog Labs Private Limited
Unacademy
CreditMantri
CII
Lightspeed
FedEx. Lead School
Flipkart
Accenture
Truenorth
RTP Global
Ball Corporation
IBM
Yatra.com
ACoS
Principaux dossiers
- Advised Pacific International Lines, a Singapore based international shipping line on advice relating to Indian data protection laws, contract law, shipping laws and employment laws.
- Advised Angel One, and its group companies, one of the most eminent stockbrokers in India on reviewing consent requirements and data flows within the client’s group for purpose of structuring the client’s super app and advising on sectoral data protection and cyber security regulations.
- Advised Delhivery Limited, a leading Indian logistics service provider, on data privacy obligations captured under the DPDP Act, and structuring of tech-enabled logistics services.
Khaitan & Co.
Khaitan & Co. offers specialist advice on cybersecurity and data protection, with particular strength in sector-specific compliance for industries such as fintech, e-commerce, insurance, and securities markets. The practice is led by Supratim Chakraborty, who has guided major multinational clients across various industries on India’s IT laws, including matters relating to data privacy, AI governance, and cybersecurity, and Harsh Walia, who is another key figure, with expertise in regulatory, contentious, transactional, and contractual issues within the TMT space. Also notable is Abhinav Chandan, who provides strategic counsel on the Infrastructure Providers Category-1 regime and assists with complex passive infrastructure leasing transactions.
Responsables de la pratique:
Supratim Chakraborty; Harsh Walia
Autres avocats clés:
Abhinav Chandan; Siddharth Sonkar
Les références
‘Practical insights and tailor-made business solutions.’
‘Absolute clarity on the subject matter.’
‘Supratim Chakraborty’s knowledge and expertise on the subject were exceptional. He guided us in a timely manner and appropriately addressed any concerns that we have, representing our industry where Data Protection plays a big role.’
Principaux clients
Sanabil Private Equity Investments Company
Johnson & Johnson India Private Limited
In-Solutions Global Limited
Agoda Services Co. Ltd.
Kraft Heinz
Gentari Green Mobility
Principaux dossiers
- Advised the client on data privacy aspects in relation to its participation in the USD 110 million funding round of SILQ Group—a strategic merger between ShopUp and Saudi-based Sary.
- Advised the client on conducting a comprehensive data protection gap assessment for its India operations as part of its global privacy compliance program. The engagement involved mapping personal data processing activities across diverse business functions—ranging from sales and pharmacovigilance to digital engagement and supply chain—against the requirements of the Digital Personal Data Protection Act 2023.
- Advised Gentari Green Mobility, a prominent Malaysian entity at the forefront of the electric vehicle (EV) revolution, in expanding its operations into the Indian market, helping launch an innovative mobile application for locating and using EV charging stations with online payments.
Spice Route Legal
Spice Route Legal provides comprehensive services across the full spectrum of data-related matters, covering compliance, advisory and product structuring, global data transfers, and cybersecurity. The practice is led by Mathew Chacko, who advises on Indian legislation such as the Digital Personal Data Protection Act, 2023, as well as internationally significant frameworks including the GDPR and CCPA. Aadya Misra also leads the firm and has expertise that includes data protection and privacy policies, compliance, incident response, and regulatory guidance. Ankita Hariramani stands out for her specialised focus on financial data.
Responsables de la pratique:
Mathew Chacko; Aadya Misra
Autres avocats clés:
Ankita Hariramani
Les références
‘The three words I would use to describe the team are commercial, responsive & dynamic. They are also incredibly pleasant to work with.’
‘Aadya Misra- so clever and an expert in her field. Rises to the occasion when required to take a hard stance with the other side.’
‘Mathew Chacko – accommodating, smart and commercial. Knows when to dig in and when to concede. Really great to work with. ’
Principaux clients
Aditya Birla Group
Adobe Inc.
Air India
Bayer (Monsanto Holdings Private Limited)
CureCollect
Exotel
Fiserv
Flutter Entertainment plc
Gameopedia
Google LLC
HDFC Bank
ICICI Bank
Juspay
OVHcloud
Lexis Nexis
Marsh McLennan
Palo Alto Networks
Porter
Sahamati (DigiSahamati Foundation)
Sony
Strand Lifesciences
Tanla Platforms Ltd
The Trade Desk
Warner Bros. Discovery
Workday
Principaux dossiers
- Advised Air India on multiple global matters, including data aspects of the Air India-Vistara merger, cookie implementation in over 50 jurisdictions, and structured and negotiated over 200 complex data processing agreements in connection with its digitisation exercises.
- Advising Gameopedia on contractual and technical safeguards –including AI-specific clauses and data watermarking –to prevent the reverse engineering and misuse of its proprietary gaming data by licensees.
- Assisting Mave Health with navigating US and Indian regulatory frameworks –including HIPAA and CCPA compliance –to assist with the cross-border launch of its AI-driven mental wellness platform and tDCS medical device.
Trilegal
Trilegal advises a broad spectrum of domestic and international clients on privacy policy frameworks, drafting data-sharing agreements, and addressing cross-border compliance risks. The practice is led by Rahul Matthan, who is highly experienced in technology-related matters such as data protection, digital finance, cryptocurrencies, e-commerce, telecoms, technology acquisitions, and biotechnology. Another key practitioner is Nikhil Narendran, recognised for his expertise in IP licensing, content acquisition, commercial contracts, emerging technology models, and intermediary liability. Clients also turn to Jyotsna Jayaram for guidance on data privacy and cybersecurity, data sharing and monetisation strategies, data localisation, and mapping regulations.
Responsables de la pratique:
Rahul Matthan
Autres avocats clés:
Nikhil Narendran; Jyotsna Jayaram
Les références
‘Knowledgeable and highly responsive team. Appreciate Nikhil for his guidance, promptness, availability and understanding.’
‘The team has consistently demonstrated a high level of legal expertise and technical proficiency, underpinned by strong industry knowledge. Their ability to navigate complex matters with clarity and precision has been a key differentiator.’
‘What sets this practice apart is its diverse and inclusive team composition, which brings a breadth of perspectives and fosters well-rounded, thoughtful advice. The team is also notably accessible and responsive, ensuring that client needs are met with empathy and understanding.’
Principaux clients
Wikimedia Foundation
Equifax
Creation Investments
NASSCOM
Centre for Internet and Society.
Principaux dossiers
- Represented the Wikimedia Foundation in precedent-setting litigation against ANI before the Delhi High Court and Supreme Court, successfully resisting compelled disclosure of user identities.
- Represented Google in a significant privacy case before the Supreme Court. The petitioner in this case challenged a bail condition that required him to share his Google PIN location with the authorities.
- Advised leading global clients across cloud, gaming, and automotive sectors on compliance with obligations relating to children’s personal data under the DPDPA.
Ikigai Law
Ikigai Law assists clients with data breach and outage response strategies, government requests, India-specific privacy notices, contract localisation, and transfer impact assessments. The practice is led by Sreenidhi Srinivasan, who advises technology companies, start-ups, industry bodies in India and abroad, and clients across sectors such as fintech, gaming, health-tech, e-commerce, education, automotive, telecom, and hospitality on data governance. Nehaa Chaudhari is noted for her work with the Indian government on technology law and policy, as well as advising major international technology companies, global venture capital funds, industry associations, and leading Indian start-ups. Pallavi Sondhi is another key name, providing Indian and global organisations with practical guidance on data protection compliance, helping them strengthen data hygiene, and enhance their data management practices.
Responsables de la pratique:
Sreenidhi Srinivasan
Autres avocats clés:
Nehaa Chaudhari; Pallavi Sondhi
Les références
‘They combine deep legal expertise with a practical, product-aware approach. In an environment where regulation is evolving quickly, especially around privacy, AI, and digital health, the team helped us understand how to stay compliant without slowing down innovation.’
‘They didn’t just interpret the law, they understood how it applies in real-world settings, especially for tech-forward businesses.’
‘Their advice was clear, contextual, and delivered in close collaboration with our product team. This ability to bridge law and implementation sets them apart from more traditional firms.’
Principaux clients
IDEMIA
Info Edge
IDFy
Cinepolis
PSA Shipping
Hevo
Wise
Panasonic
Saregama
GIZ
Principaux dossiers
- Advising Info Edge on complying with India’s new data protection law across their different platforms.
- Advising IDEMIA in strengthening their data handling practices in line with India’s new law and global best practices.
- Supporting Panasonic on data governance.
Nishith Desai Associates
At Nishith Desai Associates, the Data Protection practice is headed by Huzefa Tavawalla, with the team bringing strong experience in reviewing privacy policies for the collection, handling, and safeguarding of sensitive data, participating in public consultations on proposed regulations, and advising on structuring data analytics, machine learning, and big data models. Varsha Rajesh is another key practitioner, recognised for her broad data protection expertise across the technology, pharmaceuticals, and banking sectors.
Responsables de la pratique:
Huzefa Tavawalla
Autres avocats clés:
Varsha Rajesh; Karishma Karthik; Tanisha Khanna
Les références
‘Very commercially aware, flexible in terms of how to present the deliverable, and 100% accurate advice as far as I can tell.’
‘The Nishith Desai team provided comprehensive and practical legal advice for a new project in India.’
‘Karishma Karthik and Tanisha Khanna provided focused, tailored and commercially practical advice in a timely and efficient manner. They took time to understand our business and provided a balanced and comprehensive account of the potential issues. It was a pleasure to work with them.’
Principaux dossiers
DSK Legal
Anand Desai heads DSK Legal, where the team advises clients across industries on building and implementing privacy, data protection, and security frameworks, including policies and processes covering the full customer data lifecycle. Rishi Anand, also a firm head, has deep experience in domestic and cross-border M&A and regularly advises on FDI, joint ventures, technology, cybersecurity, telecoms, corporate restructuring, and complex, high-value transactions. Fellow firm head Chirag Jain frequently works with clients in disruptive and disintermediating sectors such as IT, fintech, e-commerce, retail, manufacturing, renewable energy, and pharmaceuticals.
Responsables de la pratique:
Anand Desai; Rishi Anand; Chirag Jain
Principaux clients
Simmons & Simmons
Indus Towers Limited
Celebal Technologies Private Limited
Principaux dossiers
Kochhar & Co.
Kochhar & Co. provides end-to-end advice on data privacy matters, including identifying lawful bases for data processing, reviewing privacy policies, and structuring cross-border data transfer frameworks. The practice is led by Stephen Mathias, who has a strong focus on fintech and regularly advises banks and financial institutions on data protection issues concerning both their India operations and offshore support centres. Arun Babu is another key figure, noted for his guidance on regulatory aspects of emerging technology products and services.
Responsables de la pratique:
Stephen Mathias
Autres avocats clés:
Arun Babu
Les références
‘They are very responsive and provide practical guidance for businesses.’
‘Stephen Mathias understands what businesses need to know to operate. He gives very good risk advice.’
‘Defined by both technical excellence and an approachable, solutions-oriented mindset. ’
Principaux clients
Accentiv India Pvt. Limited
Dentsply Sirona Inc.
Go Digit Insurance
Cornell University
CISCO Inc
Autodesk
Discord
Fluor
Yokogawa
Rippling
ZimVie
Travelport
Mango
HR Ex
Becton Dickinson
Qualcomm
booking.com
Crowdstrike
Deutsche Bank
NVIDIA
Elevance Health, Inc.
Infosys Limited
Blue Yonder Group, Inc. (formerly JDA Software)
FedEx Corporation
Principaux dossiers
- Advised the world’s leading cyber security firm, Crowdstrike, on cyber security requirements and data localisation requirements under various industry sectoral laws in India
- Advised leading semiconductor company Qualcomm on the impact assessment of the processing of foreign personal data in India.
- Assisted leading data privacy law firm Hogan Lovells on data privacy matters for numerous clients covering different industries including social media, software, manufacturing, etc.
Samvad Partners
Samvad Partners has significant expertise in cybersecurity, data protection, and online privacy, advising clients on both legal and litigation aspects of data breaches, drafting and implementing privacy and data protection policies, managing the use of personal and anonymised data, and reviewing or negotiating data handling agreements. The practice is led by Nivedita Nivargi, who advises across a wide spectrum of technology matters, including media and entertainment, fintech, aerospace, blockchain, cryptocurrency, electric vehicles, edtech, and medical technology. Neela Badami is a name to note for her expertise spanning fintech innovation and international data privacy regulation.
Responsables de la pratique:
Nivedita Nivargi
Autres avocats clés:
Neela Badami
Principaux clients
ADReS
Altlifelab Solutions Private Limited
Asteria Aerospace Technologies
Craft Council of India
Dhiway Networks Private Limited
FA Consulting
Freshworks Ltd
GILDEMEISTER Beteiligungen GmbH (DMG Mori AG)
Hevo Technologies India Private Limited
Joveo Inc
LHI TV Private Limited
Moveinsync Technology Solutions Private Limited
Socion Advisors
Sundaram Finance Ltd
Principaux dossiers
Ahlawat & Associates
Ahlawat & Associates delivers end-to-end data advisory services, ranging from platform audits and privacy policy drafting to data breach management and regulatory response strategies. The team is led by Gaurav Bhalla, who oversees matters such as prosecution, oppositions, and enforcement actions. Ashneet Hanspal is another key member, focusing on drafting, negotiating, and reviewing a wide range of IPR, media and entertainment, IT, and other corporate-commercial agreements and policies, while advising a diverse client base including individuals, start-ups, multinationals, and small businesses. Parag Singhal specialises in all aspects of IP prosecution, from designing pre-filing strategies to strengthen brand protection to preparing and filing trademark and copyright applications.
Responsables de la pratique:
Gaurav Bhalla
Autres avocats clés:
Ashneet Hanspal; Parag Singhal
Principaux clients
RMSI Private Limited
RMSI Cropalytics Private Limited
Intellibusiness Inc.
Xneeti Tech Private Limited
Building Design Partnership Limited
Krypsm Private Limited
Ardee Foundation
Rooter Sports Technologies Private Limited
Joshii Entertainment Private Limited
United For Her Private Limited
Lotus Holdings
Naaya Business Ventures Private Limited
Adkewl Digital Signage Pvt. Ltd.
KGIL Fintech Solutions Private Limited
Asar Gaming Network Private Limited
Microlise Telematic Private Limited
Principaux dossiers
- Provided ongoing general counsel retainer services to Rooter Sports Technologies Pvt. Ltd.; a major online game streaming platform classified as a « significant social media intermediary » under Indian IT laws.
- Advised Lotus Holdings for legal due diligence of a target FMCG company (Salt Oral Care) in a proposed investment deal
- Provided retainer-based general counsel services to Xneeti Tech Pvt. Ltd., a SaaS provider for e-commerce entities. Legal support involved drafting the platform’s Terms & Conditions and Privacy Policy, preparing internal data security policies, and ensuring compliance with the IT Act, 2000 and related rules.
Argus Partners
Argus Partners advises on the full spectrum of the data lifecycle, from collection and processing through to storage, sharing, and disposal. The practice is jointly led by: Abhinav Bhalaik, who represents portfolio companies on corporate advisory, transactions, and shareholder disputes; Ankit Guha, who works with fast-growing companies on governance, restructurings, and acquisitions; Jitendra Soni, who focuses on traditional and emerging technologies such as e-commerce, cloud computing, and SaaS; Neha Madan, who handles corporate-commercial work including transactions, contract drafting, negotiations, regulatory compliance, and advisory; and Udit Mendiratta, who represents clients across sectors including infrastructure, hospitality, real estate, renewable energy, oil and gas, fintech, and social media.
Responsables de la pratique:
Abhinav Bhalaik; Ankit Guha; Jitendra Soni; Neha Madan; Udit Mendiratta
Principaux clients
PeopleStrong
HDFC Bank
Ekaiva Technologies
Infinx Healthcare
XiAn NovaStar Tech Co. Ltd.
ABB India Limited
United Hotels
PeopleStrong
HDFC Bank
Ekaiva Technologies
Infinx Healthcare
XiAn NovaStar Tech Co. Ltd.
ABB India Limited
United Hotels
Principaux dossiers
- Advised PeopleStrong on data retention policy-related aspects in relation to the stake sale by Multiples P.E. to the private equity business of Goldman Sachs Alternatives for USD 130 million.
- Advised Ekaiva Technologies Private Limited on various critical initiatives related to its innovative social dating and experience mobile application, “Elevn Community”.
- Advised Infinx Healthcare regarding its strategic subscription to an enhanced AI-powered software-as-a-service (SaaS) solution from Outbound AI Inc., utilizing a cloud-based Conversation AI platform.
G&W Legal
G&W Legal is highly experienced in managing cross-border technology deals, complex licensing arrangements, and sensitive data protection matters. The firm is led by Dhruv Singh, who draws on his corporate and legal background to guide multinationals, individuals, and non-profits on India’s evolving data protection and privacy regime. Arjun Khurana, who advises companies on navigating India’s changing privacy landscape, with particular expertise in cross-border technology transactions, data transfer frameworks, and transfer impact assessments. Also at the helm is Srijoy Das, who provides strategic advice to major technology companies on foreign investment, market entry strategies, and the commercialisation of emerging technologies and know-how.
Responsables de la pratique:
Dhruv Singh; Arjun Khurana; Srijoy Das
Autres avocats clés:
Shivalik Chandan
Les références
‘We value Srijoy Das’ support – his guidance is tailored to each client’s needs, and he is very responsive.’
‘Excellent team with in depth knowledge of the legal framework.’
‘G&W has a vibrant team that brings a wealth of combined experience and expertise to each mandate. They have very competent, efficient and responsive attorneys, and have become a go-to law firm.’
Principaux clients
WarnerBros Discovery
Discovery Communications India
Yahoo Inc.
Dotdash Meredith
Gartner Inc.
US News
Curiosity Stream
Oura, Inc.
Digi-key Corporation, USA
Evidence Action Inc.
MiQ Digital
Sprinklr
Open AI
ON Semiconductor
Lyssn.io
WHEREBY AS
Instagrid GmbH
Wavetrain Systems
IDinsight
Oura Health Limited
Kmart Group
Recipe Unlimited Corporation
Principaux dossiers
- Advised Legacy Internet Giant on navigating Indian regulatory frameworks concerning critical infrastructure, cybersecurity, data protection, and compliance with recent CERT-In guidelines.
- Assisted ON Semiconductor Corporation, a leading global semiconductor supplier, in an assessment of the demands India’s new data privacy law, the DPDPA places on its privacy practices and data protection ecosystem.
- Advised Lyssn, an organisation devoted to behavioural and mental health, on its plans of partnering with an Indian organisation to provide tools to young people and teenager- that assist them in dealing with depression and self-harm.