The successful completion of the Audit of the website will result in issue of a Certificate and A Badge as indicated in the sample. It will be specific to the website audited and is restricted to compliance for processing of information of web visitors only. It is not a corporate compliance certificate. It is only a “Process Oriented Compliance Certificate” and will involve compliance of relevant aspects of DPDPA 2023 with ITA 2000 as per DGPSI framework.
Advocate M G Kodandaram is a member of FDPPI and contributes his valuable thoughts on many legal issues related to Privacy and Data Protection.
In a series of articles, Mr Kodandaram is presenting his views on DPDPA which will be available here.
Views expressed here may be considered as the personal views of Mr Kodandaram.
FDPPI commenced its Privacy Day celebrations for the 2024 with an event at CarlZeiss Bangalore on 19th January 2024. Naavi and Ramesh Venkataraman participated in th inhouse meeting where senior executives from Carl Zeiss from India and Germany participated. The discussion was centered around the impact of DPDPA 2023 on the Healthcare industry. In the process the principles of Privacy under GDPR was also discussed.
There are 3 more events planned by FDPPI for this year’s Privacy Day celebrations on 27th and 28th of January 2024.
On 27th January 2024, Hyderabad Chapter of FDPPI will be conducting an event as per details below. It would be a hybrid event.
P.S: Confirmation from Chief Guest Awaited
At Bangalore, FDPPI along with Manipal Law School Bangalore, CSA Bangalore, and BSPIN will be organizing one event on 27th January and another on 28th January 2024.
Both will be hybrid programs. Registration for physical events have been closed. Registrations for virtual presence is open.
Kindly await further information on the registration link or send an email to fdppi4privacy@gmail.com : attn: T C Manju
In an effort to encourage its members to develop products and services in Privacy and Data Protection and generate IP in the domain, FDPPI is setting up a Center of Excellence and provide mentoring guidance leading to development of innovative products.
Where necessary experts associated with FDPPI will provide guidance and assistance in filing Patents so that over a period valuable IP may be developed in the domain.
Watch out for more details in this regard.
Naavi
FDPPI conducted a one day workshop on DPDPA 2023 and DGPSI with the CIOKlub, Pune on 6th January 2024.
During the day a very fruitful discussion was held with nearly 50 senior CIOs from different companies in Pune.
CIOKlub is presently working on conducting similar programs at other chapters of the organization during the next 3-4 months.
FDPPI would like to celebrate 2024 as the year of DPDPA 2023 compliance. After a long wait, the act has come into existence. Irrespective of the debate on its adequacy, FDPPI would like to dedicate the year 2024 for DPDPA 2023 compliance with as many activities as possible for spreading the knowledge of DPDPA 2023 across the professional world.
Watch out for more announcements in this regard.
FDPPI successfully completed the two day physical conference IDPS 2023 on te theme of Privacy Challenges from the emerging technologies such as AI, Metaverse. Quantum Computing and Blockchain based crypto currencies as well as Neuroscience also found some reference in the discussions. The DPDPA 2023, the upcoming DIA and the GDPR also was discussed to a brief extent.
One of the key thrusts was how to be compliant with DPDPA 2023 and the answer was provided in the form of DGPSI or Digital Governance and Protection Standard of India. Naavi not only pressed that DGPSI is the only framework at present for DPDPA 2023 and it incorporates the requirements of ITA 2000, BIS standard (draft released on August 10 2023) embracing the principles of ISO 27701 to the extent necessary.
Naavi gave a call to all ISO auditors to add DGPSI audit to their portfolio with a Six hour training on DGPSI and taking an examination for C.DPO.DA. which incidentally includes knowledge of DPDPA 2023, GDPR, US data protection laws and Singapore PDPA.
The exclusive program will be held in the month of December or early january once the Government notifies the DPB and initial rules.
Shortly Naavi will release his new book on DPDPA 2023 and DGPSI which will cover the DPDPA 2023 and DGPSI. Material on GDPR and other global laws will be available as a supplement to the book and together would form the basic reading material.
While training partners of FDPPI will continue to provide their virtual and physical trainings, current ISO auditors who have certifications as lead auditors of ISO 27001 with or without ISO 27701 experience as well as current CIPP certified persons can appear for the C.DPO.DA.exam directly. The passing of C.DPO.DA. would however require the knowledge of DPDPA 2023 and DGPSI. The attendance of DGPSI element of training would be mandatory while the other trainings are optional.
The pricing of FDPPI programs have been revised accordingly. Once the next exam date is announced, those persons who attended the last training program on Module A will be allowed to take the exam with whatever fees had been prescribed earlier. The new prices will be applied from 1st December 2023.
With this FDPPI will try to be focussing on examination and certification while the training partners will focus on training. While Cyber Law College will continue to be one of the training partners, other training partners who can conduct classes on Module I and Module G are welcome to register as Supporting Members/Training Partners and conduct training programs on a franchise model. In particular we are looking for individuals and organizations who can conduct physical programs at different locations in India or abroad. Details can be obtained from FDPPI.
FDPPI has been in the forefront of empowerment of Professionals and Organizations for Personal Data Protection in India.
During the five years since its inception, FDPPI has introduced India specific Certification Program for Data Protection Professionals and today if any person is aspiring to be a DPO or undertake the profession of a Data Auditor, the clear destination is FDPPI.
Similarly if any organization is looking for a framework for compliance of DPDPA and Indian Data Protection Regime, the clear and only choice is DGPSI or Data Governance and Protection Standard of India.
While FDPPI’s C.DPO.DA. Certification program is the preferred choice for professionals over every other certification program on the basis of content and DGPSI based audit and assessment is the only choice for organizations for Certification for DPDPA compliance, FDPPI would like to be an organization that takes along all organizations and professionals with similar objectives to come together as a “Federation of Data Protection Professionals” in India.
FDPPI therefore has introduced a “Cross Certification Program” to recognize the efforts and investments made by professionals in acquiring qualifications like CIPP or CDPSE Certification and provide them an exemption from part of the training of C.DPO.DA. Though these programs only focussed on GDPR and not on DPDPA, considering the general training they have received in Privacy, we would provide them a short cut to completion of C.DPO.DA.
Currently auditors certified as “Lead Auditors” of ISO 27001 or ISO 27701 or PCI DSS, undergo intense training in audit aspects but not necessarily in any law since these audits are purely technical in nature and not Techno Legal in nature. However, considering their exposure to the industry, Accredited ISO lead auditors will be provided an accelerated path to becoming C.DPO.DA. auditor.
This is an attempt to follow the principle of “Sab Ka Sath-Sab Ka Vishwas” .
The accelerated path to C.DPO.DA. works as under.
Currently C.DPO.DA consists of three parts namely Module I, Module G and Module A.
Module I covers DPDPA and ITA 2000 (DIA when available)
Module G covers GDPR, US Data Protection laws, Singapore/DIFC laws
Module A is sub divided into two parts namely the first part consisting of essence of Audit Principles, ISO 27001 and ISO 27701 and second part which consists of DGPSI framework.
In what is proposed, professionals with current active certifications from IAPP and ISACA can directly take up Module A (both Part 1 and part 2 required). The Accredited ISO auditors can directly take Part 2 of Module A.
All professionals need to take the online examination for C.DPO.DA and pass through in one or more attempts. They can opt to take the training if required at any point of time though video streaming.
The Cost of the these accelerated programs from 1st November will be as follows:
Module A: Both Part 1 and Part 2: Rs 24000/- Plus GST of 18%
Module A-Part 2 only: Rs 12000/- plus GST
Examination fee: Rs 10000/- for first attempt and Rs 5000/- for second and subsequent attempts (plus GST)
Next Program for Module A will commence on October 28,29 and November 3/4
Naavi
FDPPI has been a leading Data Privacy Certification agency in India. It’s flagship Certification program C.DPO.DA is a specially constructed Certification program for professionals engaged as “DPO” in Indian Companies or propose to be “Data Auditors” as envisaged under DPDPA 2023.
Indian Companies are exposed to both Indian data protection laws as well as laws of other countries if they are collecting and processing significant amount of data from outside India. Hence they need to be compliant with multiple data protection laws.
Further, FDPPI has structured a Compliance Framework namely Data Governance and Protection Standard of India (DGPSI) which is a Certifiable framework that can be used as an implementation guideline for “DPDPA Compliance By Design” and also for third party certification from accredited FDPPI auditors and further for Compliance maturity assessment through the system of DTS (Data Trust Score).
The C.DPO.DA, program therefore has three modules namely Module-I (Indian data protection laws), Module-G (Global Data Protection Laws) and Module-A (Audit requirements).
Module I covers DPDPA 2023 and ITA 2000 from the perspective of Personal Data protection and management as required under these laws.
Module G covers GDPR, US Data Protection laws such as HIPAA, CPRA and Singapore PDPA 2012 to provide a flavour of how international data protection laws impact an Indian company.
Module A covers the audit requirements for compliance of DPDPA 2023, relevant aspects of ITA 2000, ISO 27001, ISO 27701 and a detailed discussion of DGPSI as a audit framework.
It is the philosophy of FDPPI to make Compliance less complex and less burdensome to the organizations. Over a period the Certification industry both for individual professionals and organizations have grown into a maze of multiple certifications increasing the cost of Compliance and complexity of certification.
Typically today even in the Information/Data Security domain only, an organization goes through ISO 27001, ISO 27701, PCI DSS, SOC 2 etc. Similarly an individual professional undergoes multiple Certifications like CIPP-E,CIPP-US, CDPSE etc. Professionals and organizations also incur additional expenditure on maintenance of such certifications.
Despite the huge expenses none of these Certifications address the issue of Indian DPDPA compliance either in terms of building the knowledge at professional levels or in compliance by organizations.
All these increase the cost of professional qualifications, increases expectations of salary and increase in the cost of administration of compliance by organizations. SMEs/MSMEs will not be able to meet these costs and therefore may be forced to end up compromising information security.
FDPPI which is committed to societal benefits has therefore come up voluntarily to provide recognition of earlier certification by Professionals and allow them to become C.DPO.DA
Recognizing the historical fact that some organizations have already been present in the certification under global laws, FDPPI has decided to voluntarily offer a “Cross Certification” system to recognize the Certification already undergone by different professionals.
Accordingly, FDPPI will offer exemption from Module G to all those professionals who wants to take up C.DPO.DA examination for those who hold CIPP certifications from IAPP provided they provide the necessary proof of completion.
Similarly, for those who are qualified as Lead Auditors under ISO 27001/27701 programs, a direct entry to the last part of Module A on DGPSI would suffice to take the C.DPO.DA examination.
However passing the exam would be mandatory for certification.
This will ensure that the investments made by professionals in such programs will not go waste as they become C.DPO.DA. certificate holders.
Watch out out for more information on this …
Commemorating of October 17 every year as the day on which Indian Digital Society was born since the legal recognition of electronic document was first provided in India through ITA 2000 which was notified on October 17, 2000, has been a practice of Naavi for last two decades.
Last year we had a great virtual event under FDPPI banner. This year we had Manipal Law School (MLS) also join in the activity. I was doubly happy since even KLE Society with which I had conducted many such events in the past also was present on the occasion,.
The event was titled as “Jago Regulators Jago” recognizing that the “Awareness” programs which we are conducting for several years now to say that “Public need to be aware of Cyber Risks”, need to be elevated to an awareness of the regulators.
By regulators in the context of Cyber Crimes, we include Police, the Adjudicators under ITA 2000, the MeitY, MHA and the CERT IN.
The event saw the participation of Dr Triveni Singh along with a battery of professionals from industry, academia. Several advocates also participated in the half day conference held at MLS campus, Yelahanka, Bengaluru and also webcast in real time. Mr Balu Swaminathan, President of Cyber Society of India, Chennai who was associated with Naavi on several Cyber Crime investigations in Chennai was a special guest on the occasion. Dr Gulshan Rai could not join due to urgent alternate commitments.
Some very good suggestions have come forth during the event which will be added to this first report of the event.
The video of the event is available below.
Some of the photographs marking the attention are here
Naavi
