IndusLaw remains a popular choice for companies needing preventative advice to navigate the complex landscape of date security compliance in India, as well as for assistance following actual or potential data breaches. On the advisory side, an area of recent growth has been in the field of delivery services. Delhivery was a new client to the team, with practice co-head Namita Viswanath and e-commerce expert Shreya Suri leading advice on structuring its internal data governance. Senior partners Avimukt Dar and Suneeth Katarki oversee the department alongside Viswanath. The team is housed within the firm’s strong TMT practice, though the team’s scope of clients now reaches well beyond those industries. Principal associate Naqeeb Ahmed Kazia joined in October 2021 and is focused on TMT clients in particular and has experience counselling multinationals on data security.
Data protection in India
IndusLaw
Practice head(s):
Avimukt Darr; Srinivas Katta; Suneeth Katarki; Namita Viswanath; Shreya Suri
Key clients
Airmeet
Moody’s
Delhivery
Mobikwik
Mango Sciences
Upstox
Yulu Bikes
Deliveroo
Seagate
Roblox
Glocal
Proximus Group
Work highlights
- Advising digital stock broker Upstox on a breach response for potential data security incidents, related statutory and regulatory compliance, and other internal organisational measures to bolster its data privacy infrastructure.
- Assisted Delhivery on structuring its internal data governance framework and arrangements with its customers and vendors.
- Advised Airmeet on compliance with the regulatory framework under Indian data privacy laws, the California Consumer Privacy Act (CCPA) and GDPR.
Khaitan & Co.
Multinationals in a diverse range of sectors look to Khaitan & Co.‘s multidisciplinary data protection team for assistance with the gamut of advisory matters. The team continues to have an input in the government’s national legislative work on the digital laws front, a complex area still working its way through the domestic courts. Along with core, day-to-day data security advice, the team also excels in matters relating to major transactional matters; for example, co-chair of the practice Supratim Chakraborty led advice to Axis Bank on the complex privacy and data protection elements of its $1.6bn acquisition of the consumer businesses of Citibank India. He was supported by principal associate Sumantra Bose and associate Tashi Gyanee, while in coordinating the department his partner is Harsh Walia, a sought-after counsel for expertise in data privacy and data security laws, as well as issues emanating from cross-border transfers of data.
Practice head(s):
Supratim Chakraborty; Harsh Walia
Other key lawyers:
Shobhit Chandra; Sumantra Bose; Abhinav Chandan
Key clients
Axis Bank Limited
Microsoft Corporation India Private Limited
Reliance Retail Ventures Limited
Temasek Holdings (Private) Limited
BMW India Private Limited
Gilead Sciences Europe Limited
Accenture Solutions Private Limited
Genpact India Private Limited
Work highlights
- Assisted Axis Bank with the privacy and data protection elements of its $1.6bn acquisition of the consumer businesses of Citibank India.
- Advising BMW India on launching new services based on Internet of Things technology and related data security requirements under the law.
- Advising Microsoft India on a host of telecoms and data protection-related matters, including storage of call detail records and logs.
Spice Route Legal
Fielding a dedicated team for data protection, privacy and cyber security, Spice Route Legal is a destination of choice for a considerable client list of both multinational and domestic clients in the core TMT industries and beyond. Practice head Mathew Chacko has recently been assisting Microsoft with the structuring of its cloud-based services Azure and Office 360 so as to comply with India’s pending data privacy laws. Assisting on this and the full scope of the team’s work is standout senior associate Aadya Misra, who also has significant recent experience advising European Union clients on financial services data transfers to India after the Schrems II decision.
Practice head(s):
Mathew Chacko
Other key lawyers:
Aadya Misra; Ankita Hariramani; Shambhavi Mishra
Testimonials
‘Spice Route Legal provides very business-friendly advice. We worked with Mathew and this great team for one or our clients in relation to local Indian law advice. The advice was so to the point and the team answered all our questions in timely manner and without follow up questions.’
‘Mathew Chacko is the best DP lawyer in India that I have worked with. I am very confident to refer him to our clients.’
‘Very few lawyers and law firms understand data protection. SpiceRoute is one of them.’
‘We work closely with Mathew Chako, Ankita Hariramani and Aadya Misra who have been of great help to us. Complex regulatory and data related issues are resolved for us by Spice Route with ease.’
‘Aadya Misra continues to put in the legwork, and both her and Mathew Chako have been willing to act as evangelists when it comes to India’s open data standards across current and upcoming public digital goods. We also had a good experience working with Shambhavi Mishra from the data team.’
Key clients
3M
Adobe Inc.
Airtel
Dell
HDFC Bank
Hewlett Packard Enterprises
Hitachi Energy
ICICI Bank
John Lewis & Partners
Microsoft
Zoom
Aveva Group plc
Calypso Technologies
Emptech Inc.
Fiserv
Disney
Gameopedia
Livspace
Moneyview
SHL Group
Srijan Technologies
Stryker Inc.
Talview Inc.
Tanla Platforms Limited
The Trade Desk
Tricog Health
Urban Company
Yext Inc.
Work highlights
- Advising Microsoft on compliance with India’s upcoming data protection laws.
- Assisted Urban Company with implementing a global data protection plan – including compliance activities in India, Australia, Singapore, the UAE and Saudi Arabia.
- Advising John Lewis & Partners on India’s upcoming data protection law, including conducting a gap analysis between the client’s existing data protection practices and the proposed Indian data law.
Trilegal
Forming part of its leading TMT practice, the Bengaluru-based data protection department at Trilegal is a popular choice of counsel for a large crop of multinationals, which turn to the team for advice on cross-border data transfers, monitoring of compliance with domestic regulations, and any issues arising from potential data breaches. Recent new client to the firm Toyota instructed the firm to assess data privacy implications of a new technology it is implementing to monitor illegal activity in cabs. Jyotsna Jayaram, one of the trio of lawyers that lead the team, was the main contact for Toyota, supported by senior associate Thomas Vallianeth. One of the firm’s founding partners Rahul Matthan co-leads the department with Jayaram and Nikhil Narendran, while counsel Jishnu Sanyal is another name to note, particularly in the technology space for fintech companies and gaming start-ups.
Practice head(s):
Rahul Matthan; Nikhil Narendran; Jyotsna Jayaram
Other key lawyers:
Rachana Rautray
Testimonials
‘The team has vast experience dealing with such issues, and is able to provide a sensible solution which incorporates industry practice. The team is able to provide excellent value for the legal spending.’
‘Jyotsna Jayaram’s team, including Rachana Rautray, is able to provide clear and sensible advice. Their advice is always easy to read and helps makes sense of the regulatory regime in place.’
Key clients
Toyota Connected Japan
Anacap
Work highlights
- Advised Toyota Connected Japan on implementing a technology tool to detect unlawful activities in cabs, and specifically the implications of storing the data in the cloud.
- Assisted Anacap with a review of its global privacy policy and adapted it to meet the requirements of Indian data protection laws.
Ikigai Law
A prestigious and broad base of clients looks to Ikigai Law for guidance in India’s complex data privacy landscape. As well as leading names in the digital technology, e-commerce and fintech sectors, the team also advises government and industry bodies, including IT industry association NASSCOM, which instructed the firm on a first-of-its-kind assessment of the impact of Europe’s top court ruling on EU-India data transfers. This was led by Bengaluru-based practice co-head Nehaa Chaudhari, who heads the firm’s wider public policy department and is well versed in assisting TMT-sector clients. Fellow practice co-heads Anirudh Rastogi and Aparajita Srivastava are based in New Delhi, and both have broad technology sector expertise, with particular strengths in fintech. Principal associate Sreenidhi Srinivasan is a standout expert in the data protection field, supporting partners on the gamut of matters, and Aman Taneja is another contact to note, focusing on intermediary liability and online content regulation.
Practice head(s):
Anirudh Rastogi; Nehaa Chaudhari; Aparajita Srivastava
Other key lawyers:
Sreenidhi Srinivasan; Aman Taneja; Shambhavi Ravishankar
Testimonials
‘Sreenidhi Srinivasan and Shambhavi Ravishankar were very extremely receptive, patient and approachable. They took time to understand our queries and concerns regarding the brief. Their grasp over the subject matter (data security and privacy) helped us repose faith and trust in their work. An extremely important quality we seek is trust, reliability and subject matter expertise. The individuals we worked with were able to deliver on this.’
‘What particularly attracted us to the firm is the niche focus on technology and health law and more specifically supporting organisations in addressing legal, compliance/regulatory concerns on developing technology products.’
‘The team has a strong data practice and is highly competent when it comes to data governance laws. They are able to respond on time and execute well both of which are necessary in the sector. The team is able to combine legal knowledge and policy awareness in their service offerings.’
‘The team has very high levels of understanding of data-oriented businesses and data laws across jurisdictions. The team could bring a lot of value to the table. The data protection team at Ikigai Law is razor sharp and well versed with the relevant data laws around EU, Asia Pacific, and India.’
‘Our experience with Nehaa Chaudhari and her team has been remarkably good for both personal data privacy regulations as well as India’s draft non personal data governance framework.’
‘The individual team members are young, competent, hungry, and humble. I would rate Sreenidhi Srinivasan highly in the team who works with dedication and commitment.’
Key clients
Anheuser-Busch InBev India Limited
Saregama India Limited
Tide Platforms Private Limited
National Association of Software and Service Companies (NASSCOM)
Mobile Premier League
Centre for Mental Health and Policy, ILS
Cross-border Data Forum
Whitehat Education Technology Private Limited
British High Commission
Hevo Technologies India Private Limited
Work highlights
- Advising AB InBev on preparing for India’s proposed data protection law and strengthening its data handling practices.
- Advised Tide on its approach to data in India.
- Acted for NASSCOM in a first-of-its-kind assessment in India, to test how Indian laws will fare against EU standards.
Kochhar & Co.
Stephen Mathias spearheads the data protection practice at Kochhar & Co., which sits within the firm's notable technology law department. The team is a go-to for a number of international law firms when referring work from multinational clients needing advice on the Indian market. Recent changes to the law on breach notifications have kept the team busy, as has its regular advice on data privacy compliance, as the domestic bill on this matter has remained delayed through the court system. Mathias leads on all of the firm’s data privacy work, supported by cybersecurity expert Arun Babu. Naqeeb Ahmed Kazia left the firm in October 2021.
Practice head(s):
Stephen Mathias
Other key lawyers:
Arun Babu
Nishith Desai Associates
The dedicated privacy and data protection team at Nishith Desai Associates takes an industry-focused approach in advising multinational clients on various requirements under data protection law in India and its interplay with GDPR and other international rulings in the field. In Mumbai, Gowree Gokhale co-heads the team and is also the head of the technology and pharmaceuticals departments, while Aarushi Jain specialises in the technology and media sectors. Rounding out the trio of practice heads is Huzefa Tavawalla, who is based in Bengaluru. Associate Aaron Kamath is the lead contact for the TMT and regulatory practice and assists with the range of data privacy matters.
Practice head(s):
Gowree Gokhale; Huzefa Tavawalla; Aarushi Jain
Other key lawyers:
Aaron Kamath; Indrajeet Sircar; Jaideep Reddy
Samvad Partners
Samvad Partners continues to be regularly involved in India’s burgeoning data privacy market. Having guided clients through the implementation of the European GDPR and the Indian PDP Bill regulations, the team has recently supported various companies with non-personal data regulation. A trio of lawyers jointly coordinate the department: in Bengaluru, TMT experts Nivedita Nivargi and Neela Badami keep clients in those sectors abreast of the latest data privacy regulations, while Rohan George in Chennai approaches this area of law from a background in IP, with experience assisting clients since the introduction of data protection rules under the Information Technology Act in 2011. Natasha Mahajan has a particular interest in the interplay between finance and technology, and at the senior associate level, Kevin Robin and Nivedita Udupa are further names to note. Associate Sriya Sridhar‘s broad practice includes advising on GDPR compliance, cross-border data transfers and privacy risk assessments.
Practice head(s):
Rohan George; Neela Badami; Nivedita Nivargi
Other key lawyers:
Kevin Robin; Savani Gupte
Key clients
ADReS
Altlifelab Solutions Private Limited
Craft Council of India
Dhiway Networks Private Limited
FA Consulting
Freshworks Ltd
Gildemeister Beteiligungen GmbH (DMG Mori AG)
Hevo Technologies India Private Limited
Joveo Inc
Moveinsync Technology Solutions Private Limited
Socion Advisors
Sundaram Finance Ltd
Work highlights
- Advised Algonomy Software and its US-based subsidiary Manthan Systems on data privacy compliance.
- Advised DHIway Networks on its role as an intermediary and relevant data protection compliance.
- Advising Freshworks on the legality of conducting psychometric evaluations on employees from a data protection perspective.
AZB & Partners
As part of its offerings in TMT, fintech and intellectual property, AZB & Partners keeps clients abreast of all data protection law updates in India. The firm advises on shareholder consultations regarding management of private data, dealing with potential data breaches, and the drafting of privacy policies. Among the key lawyers to note are Mumbai-based IP and IT specialist Nandan Pendsey; Anind Thomas in Bengaluru, who has experience advising on regulatory issues across Asia; and counsel Gautam Rego, also in Bengaluru, who assists with the full spectrum of matters in this space.
Other key lawyers:
Nandan Pendsey; Anind Thomas; Gautam Rego
Key clients
Workspaces
DSK Legal
Rishi Anand is the main contact for data protection matters at DSK Legal, leveraging his expertise as the leader of the firm’s wider technology practice group to assist relevant clients with their compliance concerns in the Indian market. The team is also well versed in data concerns as part of M&A, for which corporate law partner Nakul Batra is the name to note.
Practice head(s):
Rishi Anand
Other key lawyers:
Nakul Batra; Chirag Jain
Key clients
Amazon Digital Services Private Limited
Blue Dart Express Limited
Guangdong OPPO Mobile Telecommunications Corp., Ltd.
HDFC Securities Limited
Herbalife International Inc., USA and Herbalife International India Private Limited
House of Masaba Lifestyle Private Limited
Mohalla Tech Private Limited
MoneyClub Technologies Private Limited
Moody’s Shared Services UK Limited
OnePlus Technology (Shenzhen) Co. Ltd.
Promoters of Competent Synergies Private Limited
Reliance Retail Limited
Shenzhen TCL Digital Technology Ltd.
Shenzhen Transsion Holdings Co., Ltd.
STT Global Data Centres India Private Limited
Voestalpine AG
Wingtech Technology Co., Ltd
Wingtech Mobile Communications India Private Limited
Work highlights
- Assisted OnePlus Entities on various data privacy issues, including the consent requirements for sending marketing communications by email, SMS and telephone.
- Advised Reliance Retail on its numerous concerns regarding compliance with domestic data privacy laws.
- Assisted Nordex SE with the data protection requirements for the implementation of its stock option programme.
Majmudar & Partners
Majmudar & Partners draws the bulk of its data protection instructions from its considerable TMT practice but is increasingly broadening its coverage in this practice area, reflecting the importance of data privacy in a wide range of industries. The department is jointly led by Akil Hirani
and Neerav Merchant in Mumbai, and N. Raja Sujith in Bengaluru; Sujith putting particular focus on this area in 2021 and 2022, especially for his technology sector clients. Corporate partner Amrit Mehta is another contact to note for data privacy issues.
Practice head(s):
Other key lawyers:
Amrit Mehta
Key clients
Ichuanke Inc.
Baidu India Internet Private Limited
Gallagher Operations Support Services Pvt. Ltd.
Frontdoor, Inc.
Work highlights
- Advised Baidu India Internet on its obligations under India’s information technology and data protection laws on account of Baidu acting as an online advertiser in India.
- Assisted Gallagher Operations Support Services with data privacy issues in relation to collection and retention of its employees’ Covid-19 vaccination data.
- Advised Frontdoor on data privacy law issues in connection with its Indian subsidiary, Frontdoor India.