On January 21, 2026, reporting described how major hospital chains and health insurers are accelerating preparations for the Digital Personal Data Protection (DPDP) regime, noting that the law comes fully into force on May 13, 2027. The article quotes Narayana Health and Manipal Hospitals on updating privacy policies, strengthening consent mechanisms, conducting internal training, and implementing tools to support compliance. It also stresses a detail many HR leaders miss: DPDP is not only about patient data. Manipal Hospitals' CIO is quoted as explicitly calling out employee data, supplier data, and third-party handled data as part of the DPDP scope.
This is an "invisible fear" story. Patients fear exposure because health data can destroy social standing. Employees fear exposure because HR data can destroy careers: medical leaves, performance notes, background checks, salary details, and even grievance records. In healthcare and insurance, where sensitive data moves constantly, one breach does not feel like a technical incident, it feels like betrayal by the institution that asks for trust as a business model. Internally, this changes behavior: staff become reluctant to report issues, seek medical help, or disclose needs, because they cannot be sure who can see what. A privacy law becomes a culture law the moment people start self-censoring.
From a compliance lens, DPDP readiness must be owned by leadership, not parked with IT. DPDP Rules, 2025 were notified by the Government of India in November 2025, and the transition window to May 2027 is short in operational terms because it involves vendor mapping, retention rules, consent workflows, breach response drills, and continuous auditing. HR's exposure is direct: recruitment data, payroll, benefits, medical insurance records, background verification, and disciplinary files. Privacy-by-design now becomes a workplace control: define who can access employee data, why, for how long, and how you prove it. Organizations that treat DPDP as a checkbox will discover the real penalty first: loss of trust that no policy memo can restore.
@ETtech, @PIB
If an employee cannot trust HR with their data, can they ever truly trust HR with their truth?
What is the one HR dataset in your organization that would cause maximum harm if leaked - and why do you still store it the way you do?
Acknowledge(0)
Amend(0)
7This is an "invisible fear" story. Patients fear exposure because health data can destroy social standing. Employees fear exposure because HR data can destroy careers: medical leaves, performance notes, background checks, salary details, and even grievance records. In healthcare and insurance, where sensitive data moves constantly, one breach does not feel like a technical incident, it feels like betrayal by the institution that asks for trust as a business model. Internally, this changes behavior: staff become reluctant to report issues, seek medical help, or disclose needs, because they cannot be sure who can see what. A privacy law becomes a culture law the moment people start self-censoring.
From a compliance lens, DPDP readiness must be owned by leadership, not parked with IT. DPDP Rules, 2025 were notified by the Government of India in November 2025, and the transition window to May 2027 is short in operational terms because it involves vendor mapping, retention rules, consent workflows, breach response drills, and continuous auditing. HR's exposure is direct: recruitment data, payroll, benefits, medical insurance records, background verification, and disciplinary files. Privacy-by-design now becomes a workplace control: define who can access employee data, why, for how long, and how you prove it. Organizations that treat DPDP as a checkbox will discover the real penalty first: loss of trust that no policy memo can restore.
@ETtech, @PIB
If an employee cannot trust HR with their data, can they ever truly trust HR with their truth?
What is the one HR dataset in your organization that would cause maximum harm if leaked - and why do you still store it the way you do?
Acknowledge(0)Amend(0)CiteHR is an AI-augmented HR knowledge and collaboration platform, enabling HR professionals to solve real-world challenges, validate decisions, and stay ahead through collective intelligence and machine-enhanced guidance. Join Our Platform.
HR Manual (Employee Hand Book).doc
Employee Data - Format.xls