Next Generation Partners

Firms To Watch: Data protection

PSA’s growing data protection, cybersecurity, and privacy practice is establishing itself as a key name for clients in the healthcare and telemedicine sectors; 'truly outstanding' certified international privacy professional Arya Tripathy, in New Delhi, is a key contact.

Data protection in India


Acting for large domestic and multinational corporations, IndusLaw has a broad data protection practice that is adept at handling all aspects of data processing, protection, and optimisation, as well as advising on data breach responses and compliance frameworks. With significant expertise in international data law frameworks such as the GDPR, international and cross-border mandates are a notable area of strength for the team. Practice co-head Namita Viswanath, based in Bengaluru, has a broad data privacy practice focused on regulatory, policy, and compliance issues for clients across a broad spectrum of industries, with particular emphasis on emerging technologies and the fintech sectors. Founding partners Suneeth Katarki and Avimukt Dar oversee the department from the Bengaluru and New Delhi offices, respectively. Also in New Delhi, Shreya Suri is recommended for her ‘well-rounded and practical advice'; she has a broad practice that covers compliance, regulatory, and commercial matters for clients in the telecoms and e-commerce sectors.

Practice head(s):

Avimukt Dar; Suneeth Katarki; Namita Viswanath; Shreya Suri


‘Shreya Suri provides well-rounded and practical advice while keeping in mind our business offerings.’

Key clients

RooFoods Ltd. (Deliveroo UK)

Moody’s Corporation

Paychex Inc.


Delhivery Private Limited (Delhivery)

Mango Sciences (Riversys Technologies Private Limited)


Azalp Technologies Private Limited (Rigi)

Work highlights

  • Advised Netlink on its response protocol for an identified data breach, drafted the breach report and submitted the same to the Indian Computer Emergency Response Team (CERT-In) constituted under the Information Technology Act, 2000.
  • Advised Moody’s, one of the worlds’ largest technology and data-enabled companies supporting the financial industry, on the new and then nascent cybersecurity directions applicable to various intermediaries and service providers issued by the CERT-In (Directions), the regulatory body for investigating and providing support on mitigation measures for cybersecurity incidents in India, on the key implications, the compliances and reporting required thereunder, and nuances relating to the extraterritorial applicability thereof.
  • Advised Services LLC on the extraction and use of data and personal images to train a machine learning algorithm which would be applied globally. In this context, assisted Amazon in reviewing their agreements from the perspective of Indian data privacy and protection laws as well as intellectual property rights.

Khaitan & Co.

Jointly led by Supratim Chakraborty and Harsh Walia, the data protection team at Khaitan & Co. stands out for its multidisciplinary approach. Drawing together specialists from various practice areas such as TMT, corporate, IP, and competition, the practice runs the gamut of advisory matters across industries such as fintech, e-commerce, insurance, and securities markets. In Kolkata, the ‘very proactive' Chakraborty advises on emerging legislation as well as the data aspects of major transactional matters. In New Delhi, Walia is routinely instructed by large tech companies, regulatory authorities, and media organisations on cross-border data transfers and security mandates; counsel Shobhit Chandra is another key name here. Also in Delhi is telecoms regulatory and data protection specialist Abhinav Chandan.

Practice head(s):

Supratim Chakraborty; Harsh Walia

Other key lawyers:

Shobhit Chandra; Abhinav Chandan


‘Supratim Chakraborty has a good grasp on this evolving subject and that is what makes him and his team distinct.’

‘The Khaitan & Co team has hands-on knowledge on the subject of data protection law. They have expertise in not just Indian data protection law, but also advise on GDPR compliances.’

‘Supratim Chakraborty is a very proactive lawyer, having hands-on experience in handling any kind of queries and compliance with data protection law.’

Key clients

Reliance Industries Limited Group

Meta Platforms, Inc.

Bloomberg LP

STT Global Data Centres India Private Limited

SK Innovation

The Pokémon Company

Axis Bank Limited

Work highlights

  • Advising Reliant Industries Limited Group on several aspects of its data privacy and protection compliances, including review of existing data privacy policies, considering its large scope of business. As part of such activities, advised the client on mandatory disclosures in its privacy policy, reasonable security practices, etc.
  • Meta sought an extensive analysis of data access and surveillance regulations in India, including queries on law enforcement assistance, data retention, encryption use, and more. By navigating the intersection of technology and telecommunications law, the team was successful in identifying specific obligations and providing practical solutions for compliance.
  • Providing an analysis of website terms of use and privacy policy for ‘Pokémon Café ReMix’ to ensure compliance with prevailing information technology and data protection laws in India. Conducted a detailed assessment of the client’s services with their existing policies, and proposed necessary changes to meet compliance standards, while minimizing country-specific alterations.

Spice Route Legal

Multinationals from a diverse range of sectors regularly instruct Spice Route Legal’s dedicated data protection, privacy, and cybersecurity team for advice across the full gamut of advisory, regulatory, and contentious matters. The Bengaluru-based team is led by co-founder Mathew Chacko, a seasoned data privacy specialist with strength in complex cross-border data protection mandates and regulatory issues, as well as data-related disputes. Aadya Misra, who is now a counsel, advises clients on emerging technologies, regulatory advisory matters, and incident reports, and has particular expertise handling major financial services data transfers from the EU to India, following the Schrems II decision. On the cybersecurity front, the team has seen increased activity concerning data breach response mandates.

Practice head(s):

Mathew Chacko

Other key lawyers:

Aadya Misra; Ankita Hariramani; Shambhavi Mishra


‘Mathew Chacko and Aadya Misra stand out. Both are collaborative and deeply knowledgeable about the law. What more can one want?’

‘The SRL team, led by Mathew Chacko, is able to keep the legal objectives, the letter of the law and technological change in focus while crafting an opinion or solution. They are willing to debate, define the issues and seek answers collaboratively with the client, which is a unique capability in this team.’

‘The team has been fantastic to work with. They are eager and curious about this field.’

‘Expertise, business understanding, practical approach, accommodation of reasonable client requests. It is a pleasure to work with them.’

‘Spice Route Legal is very practical and methodical in its approach to the issues. They have clear knowledge of the subject and are efficient in handling the issues which were presented to them.’

Key clients


Adobe Inc.

Air India







Hewlett Packard


Meta Inc.


Talview Inc.





John Lewis Partners




Northern Arc




SHL Group

Srijan Technologies


Tanla Platforms

Tricog Health

Urban Company

Warner Bros


Work highlights

  • Advised Singapore-based Livspace on data transfer analysis and compliance across India, Singapore, Malaysia, and Saudi Arabia.
  • Assisted Northern Arc with ensuring that the data processing activities comply with the Reserve Bank of India’s new digital lending requirements and in developing procedures to ensure that its various partners in the digital lending ecosystem also do so.
  • Assisted Talview Inc. with a 40-jurisdiction data protection compliance assessment to assess regulatory and business risks of offering AI-powered HR-tech video interview tools on a global scale.


Advising government entities, industry bodies, and large multinationals, the data protection offering at Trilegal spans the full range of advisory, strategic, and compliance matters. Counting major international tech entities among its impressive roster of clients, the Bengaluru-based team handles cross-border data transfers, emerging legislation compliance, and data breaches and cybersecurity incidents. Founding partner Rahul Matthan now heads the team, while former co-heads Nikhil Narendran and Jyotsna Jayaram remain with the practice. Matthan is a seasoned expert specialising in tech, regulatory, and e-commerce matters; TMT and corporate specialist Narendran advises blue-chip technology companies on data protection policies and practices, while Jayaram has recently assisted clients in the fintech, healthtech, and digital content sectors on sectoral data regulations and data-related transactional mandates.

Practice head(s):

Rahul Matthan

Other key lawyers:

Nikhil Narendran; Jyotsna Jayaram


‘Expertise and practical lawyering.’

Key clients

Solis Health Private Limited

SUN Mobility


Wikimedia Foundation

Davidson Kempner

Amazon Web Services



PayPal India Private Limited

PayU Payments Private Limited

DXC Technology

Accenture India Pvt. Ltd.

Work highlights

  • Advised on the Open Network for Digital Commerce (ONDC) initiative, advising on applicable data protection framework in India and making it future-ready, and assisted on aspects related to the deployment of smart contracts on the ONDC network and formulated the data governance policies and strategies that will govern the ONDC network.

Nishith Desai Associates

Nishith Desai Associates' dedicated data protection and privacy practice is adept at advising on all aspects of data, with expertise in personal data privacy, geospatial data matters, and novel issues related to emerging technologies such as AI. Acting for multinational corporations, the team takes an industry-focused approach and has particular strength in advising on domestic and international data protection laws. In Mumbai, Gowree Gokhale is recommended for her sector expertise across the pharma and tech industries; Bengaluru-based Huzefa Tavawalla focuses on matters relating to disruptive technologies as well as data-heavy transactions. Gokhale and Tavawalla now jointly co-head the team following the 2023 departure of former co-head Aarushi Jain to Cyril Amarchand Mangaldas. 2023 also saw the departure of Indrajeet Sircar to an in-house position.

Practice head(s):

Gowree Gokhale; Huzefa Tavawalla


‘The people here are brilliant, and they understand the new technologies.’

DSK Legal

DSK Legal’s data protection offering spans the full range of mandates, handling compliance, data transfer and sharing arrangements, as well as advising on security incidents and breach responses for a diverse roster of clients. Rishi Anand heads the firm’s technology practice and co-heads the data protection team, advising large multinationals and domestic corporates on the data protection implications of corporate transactions and cross-border M&A. Anand works alongside co-head Nakul Batra, a corporate and M&A expert and qualified computer science engineer; the duo is based in New Delhi.

Practice head(s):

Rishi Anand; Nakul Batra

Other key lawyers:

Chirag Jain


‘DSK is top-notch in the delivery of their services. They are prompt and do a deep dive analysis of matters offered to them. Their quality of services is commendable.’

‘The team consists of highly skilled people. They are extremely prompt in responding to our requests for assistance.’

Key clients

Amazon Digital Services Private Limited

Blue Dart Express Limited

Guangdong OPPO Mobile Telecommunications Corp., Ltd., China

Housing Development Finance Corporation Limited

HDFC Capital Advisors Limited

Herbalife International Inc., USA and Herbalife International India Private Limited

MoneyClub Technologies Private Limited

OnePlus Technology (Shenzhen) Co. Ltd.

Reliance Retail Limited

Redcliffe Lifetech Private Limited

DENSO International India Private Limited

Nykaa Fashion Private Limited

Scribetech India Healthcare Private Limited

Aurum Proptech Limited

Appcino Technologies Private Limited

Arisaig Partners (Asia) PTE Ltd

Oben Electric Vehicles Private Limited

Paygate India Private Limited

PhonePe Private Limited

Religare Enterprises Limited

National Payments Corporation of India

Fortinet Inc., and Fortinet Technologies India Private Limited

Astrum Digital Private Limited

Mumbai City Football Club, and City Football Group

Bhartipay Services Private Limited

Work highlights

  • Advised and assisted Mumbai City FC and the CFG in reviewing and revising the intra-group data transfer agreement (IGDTA) entered into between the different football clubs under CFG in furtherance of the mandatory legal requirements under the EU laws, from an Indian data protection and privacy law perspective.

Samvad Partners

Leveraging the firm’s broader corporate, commercial, and transactional capabilities, Samvad Partners has extensive experience advising on cybersecurity, online privacy, and data protection issues, handling both advisory and contentious matters. The team is jointly led by Rohan George, based in Chennai, and Nivedita Nivargi, in Bengaluru. George advises Indian and international clients in the emerging tech sector on data protection aspects of compliance, licensing, and contracting. TMT specialist Nivargi has a broad practice and advises on data protection issues in the fintech, blockchain, and aerospace industries.

Practice head(s):

Rohan George; Nivedita Nivargi

Key clients


Altlifelab Solutions Private Limited

Craft Council of India

Dhiway Networks Private Limited

FA Consulting

Freshworks Ltd

GILDEMEISTER Beteiligungen GmbH (DMG Mori AG)

Hevo Technologies India Private Limited

Joveo Inc

LHI TV Private Limited

Moveinsync Technology Solutions Private Limited

Socion Advisors

Sundaram Finance Ltd

Work highlights

  • Acting as legal advisers for Jio Digital’s portfolio companies, such as Asteria Aerospace Limited, Sankhyasutra Labs, NewJ and Tesseract.
  • Advised Algonomy regarding the need for opt-in consent prior to placing of cookies on user devices and advised on how the website could be in adherence to applicable data privacy laws, that is, United Kingdom General Data Protection Regulation (“UK GDPR”), Data Protection Act, 2018 (“DPA, 2018”) and The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”).
  • Advised LHI TV Private Limited on the various data privacy related compliances applicable to the platform, from Indian laws, United States laws and GDPR perspective.

AZB & Partners

AZB & Partners' multidisciplinary data protection offering has considerable expertise in healthcare, IT, e-commerce, and emerging technologies, and handles both advisory, transactional, and compliance mandates both domestically and across borders. Key members of the team include Mumbai-based IP and IT specialist Nandan Pendsey, recommended for his regulatory expertise, as well as Rachit Bahl and Rohan Bagai, both in Delhi; Bahl advises multinational corporations on the data privacy and protection aspects of e-commerce, online healthcare, and surveillance issues, while Bagai has a special focus on payments and emerging technologies, routinely acting for fintech businesses.

Other key lawyers:

Nandan Pendsey; Rachit Bahl; Rohan Bagai


‘Detailed, well-considered advice on a fast evolving subject matter. Responsive and practical in their outlook.’

Majmudar & Partners

Majmudar & Partners leverages its considerable TMT practice to assist clients in the tech, IT, telecoms, and e-commerce sectors on a range of data protection issues, including regulatory, compliance, and transactional matters. Akil Hirani, Neerav Merchant and N. Raja Sujith jointly oversee the practice. Sujith, based in Bengaluru, leads the firm’s South India practice and advises on the data protection elements of corporate transactions. Hirani, triple-qualified in India, England and Wales and California, and Merchant, who draws on in-house experience from the software industry, work alongside Sujith and co-lead the practice from Mumbai.

Practice head(s):

Akil Hirani; Neerav Merchant; N. Raja Sujith

Key clients

Baidu India Internet Private Limited

Empaxis Data Management India Private Limited

Maven Silicon Softech Pvt Ltd

Work highlights

  • Advising Baidu India Internet Private Limited (subsidiary of Baidu, the Chinese Internet major) on various Indian law matters, including company law, information technology regulations and data protection laws.
  • Advising Empaxis Data Management India Private Limited, a subsidiary of Empaxis US, the first middle and back-office outsourcing company designed to deliver offshore services exclusively to asset managers, hedge funds, and wealth managers, on various corporate, technology and employment law matters.
  • Advised Maven Silicon Softech Pvt Ltd, an Indian VLSI training company, regarding the master service agreement with Synopsys.