All news with #india dpdp act tag

🔒 India’s cybersecurity agency, CERT-In, has issued a framework urging organizations to patch, mitigate, or isolate known exploited internet-facing “crown jewel” systems within 12 hours where feasible, citing AI-assisted attacks that compress exploitation timelines. The 38-page blueprint prescribes tiered remediation windows—one day for externally exposed critical flaws, three days for critical internal issues, and five days for high-severity vulnerabilities—while emphasizing temporary mitigations and continuous exposure management over periodic assessments.

🔒 India’s new Digital Personal Data Protection (DPDP) Rules, 2025 impose strict consent, verification, and fixed deletion timelines that require large platforms and enterprises to redesign how they collect, store, and erase personal data. The rules create Significant Data Fiduciaries with added audit and algorithmic-check obligations and formalize certified Consent Managers. Organizations have 12–18 months to adopt automated consent capture, verification, retention enforcement, and data-mapping across cloud, on‑prem, and SaaS environments.