India’s DPDP rules 2025: Why access controls are priority one for CIOs

By Vijender Yadav, CEO & Co-founder, Accops

Data breaches continue to rise globally at an alarming rate. In 2025 alone, major incidents exposed hundreds of millions of records, with one set of leaked credentials containing over 16 billion records from leading services. Closer to home, India’s digital economy faces mounting pressure as the Digital Personal Data Protection (DPDP) Act, 2023, becomes fully operational through the DPDP Rules notified in late 2025. The fine can go up to ₹250 crore for each violation, alongside reputational harm and operational fallout.

In this context, the role of enterprise access, including role-based access control (RBAC), the concept of least privilege (PoLP), multi-factor authentication (MFA), encryption, and logging, is at the center of compliance conversations. Lack of proper controls enables unauthorized access to personal data, making access a breach mechanism. For CIOs, this is no longer a choice but the first ...