As the May 2027 implementation deadline for the Digital Personal Data Protection (DPDP) Act approaches, IT majors are scrambling to align governance frameworks, internal policies, and data-handling practices with the new regulatory regime.

India’s second largest IT company Infosys said it was strengthening its compliance architecture as the law comes into force. “We are implementing and fine-tuning our governance, reporting, and stakeholder engagement mechanisms to align with its requirements,” said Inderpreet Sawhney, chief legal and compliance officer at the company.

India’s fourth largest IT company Wipro’s Ivana Bartoletti, global chief privacy & AI governance officer, said, “We continue to strengthen our incident detection and notification procedures at speed, this includes internal escalation paths and documented response procedures.”

Vendor and supply chain governance is one of the most important areas of DPDP compliance, she said. “We are embedding data protection, safety and legal safeguards into product architecture, AI systems, and delivery models,” she added.

Meanwhile, enterprise software giant SAP is conducting detailed gap assessments to benchmark its current systems against the Act’s principles. Sudhakar Singh, head of responsible AI at SAP, said the company is reinforcing internal policies and preparing for evolving rules through structured training and awareness programmes across teams.

Singh added that SAP has established processes to address data subject rights requests, including access, correction, deletion, objection, and consent management, aligned with global privacy standards and contractual obligations.

The company also invests in technical and organisational safeguards, secure processing environments, and transparent data agreements to support customers navigating compliance requirements.

In many enterprise use cases, SAP operates as a data processor, enabling clients, acting as data fiduciaries, to manage lawful data processing, consent, governance, and reporting through integrated governance, risk, and compliance and customer data management solutions.

A spokesperson for India’s largest IT company Tata Consultancy Services said it had a global privacy policy and framework aligned with multiple data-protection regulations.

“This has also been adopted in India, addressing a substantial part of the DPDP requirements. A few additional India specific provisions, prescribed under the DPDPA framework, are currently under implementation and will be completed well within the timelines prescribed under the Act,” the spokesperson said.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!