Privacy & Data Law - Devika Subbaiah

Legal basis

"Necessary" Is Not the Same as "Convenient." Your Product Team Is Getting This Wrong.

Part 3 of The Legal Basis Playbook There's a word in Article 6(1)(b) that almost nobody reads carefully. The contract basis applies where processing is necessary for the performance of a contract to which the data subject is party, or to take steps at their request

consent

Consent Is Not a Checkbox. It's a Contract You're Already Breaching.

Most organisations collect consent carefully — then quietly breach it through purpose drift, broken withdrawal flows, and AI data reuse. Here's what real consent compliance looks like, and a practical audit you can run this week.

Privacy & Data Law

Your GDPR programme is your DPDPA head start. But only if you know which parts to carry forward

Every DPDPA playbook I have seen starts at zero. Gap assessments built as if the organisation never heard of privacy. Policy templates drafted as if consent frameworks don't already exist. Implementation timelines that completely ignore the three years of GDPR muscle the organisation spent building. I understand why.

Privacy & Data Law

"Same thing, different name." — The myth that's quietly breaking DPDPA implementations.

Built for privacy professionals who live inside the frameworks, not just around them. Practical analysis on GDPR, India's DPDPA, cross-jurisdictional compliance, and the operational layer most legal blogs skip.