Five Year Journey of FDPPI

On 17th September 2018, Foundation of Data Protection Professionals in India (FDPPI) obtained its Certificate of Incorporation. It must be considered as a day of great significance to the Privacy and Data Protection industry in India since this organization was an organization of the Professionals, By the Professionals and for the Industry.

It may be considered that GDPR which became effective from 25th may 2018 and caused a big flutter in the Indian industry with the fear of extra territorial jurisdiction was the driving force behind the formation of FDPPI.

By January 2018, India had started working on its own Data Protection Law and on January 13th, the Justice BN Krishna Committee held a public consultation in Bangalore

Naavi started a campaign for building awareness about GDPR and its impact on India highlighting “Today is GDPR Day…Love it or hate it, you cannot ignore it”. Additionally Cyber Law College in June 2018 started a course on GDPR on the Apnacourse.com platform (Presently not available) and called for “Tame the Monster of GDPR”.

By June 21, 2018, Cyber Law College introduced an integrated examination combining the then existing Certified Cyber Law Professional, Certified HIPAA Aware professional and Certified GDPR Aware Professional and called it as “Certified Indian Data Protection Professional”.

By July, a draft of the Bill proposed by B N Srikrishna Committee became available and discussions shifted to the proposed Indian law.

In this background FDPPI was contemplated and with the encouragement of many of the industry friends it was decided to start FDPPI as a Section 8 company. Mr Nagendra Javagal came forward to be the other Promoter Director as FDPPI filed its MOA and got its Certificate of Incorporation.

On December 7, the first batch of Certification Course in PDPA (CPDPA) was started and an era of Indigenous Certification for Privacy was started. Since at that time IAPP nor DSCI did not have a similar course on Indian data protection law, FDPPI became a pioneer in Privacy Education in India in collaboration with Cyber Law College.

By Data Privacy Day 2020 (January 2020), Naavi’s E Book on Personal Data Act was published and became the first such book in India.

By June 29, FDPPI introduced Module G of its certification program covering GDPR and other global laws.

While India struggled with Covid and JPC struggled with PDPB 2019, FDPPI continued to upgrade its programs from PDPB 2018 to PDPB 2019.

In November 2020, FDPPI embarked on IDPS as its flagship program on Data Privacy which has since seen IDPS 2021 and IDPS 2022.

In December 2020, FDPPI introduced the Module A training program based on PDPSI and DTS assessment completing the DPO training loop from Module I, G and A.

In January 2021, the Data Protection Journal of India (DPJI) was started though it remains under suspension after July 2022.

As JPC presented the new version DPA 2021, FDPPI upgraded its certification program and kept in tune with the developments.

Finally when DPA 2021 was withdrawn, there was a sudden lull in the market but we went ahead with discussions on “Shape of things to come” and held IDPS 2022 under this theme.

Now as we prepare for IDPS 2023, the Government has passed DPDPA 2023 and FDPPI Certification programs have been upgraded once again to DPDPA 2023. The first batch of Certified DPO and Data Auditors under the new DPDPA 2023 passed out today .

FDPPI has now embarked on another global mission of developing the PDPSI framework into DGPSI framework (Data Governance and Protection Standard of India) incorporating the recommendations of BIS on Data Privacy in its Data Governance Standard.

FDPPI has also recently introduced the Indian National Register of Data Protection Professionals to create a recognition for trained professionals. This is intended to be supported by the FDPC (Federation of Data Protection Professionals in India as a service exchange platform). FDPC and DDMAP (Data Disputes Mediation and Arbitration Platform) are two platforms creating professional engagement opportunities for trained professionals from FDPPI.

Thus FDPPI has moved in 5 years to a pole position in the industry. Its weekly Jnaana vardhini sessions are a great resource for continued education and the Unique DDMAP (Data Disputes Mediation and Arbitration Platform ) is ready to provide support to the industry with another first for the country.

Towards this end of the 5th year we had the privilege of honouring Sri K S Puttaswamy (Retd Justice) as Privacy Pitamaha, etching the name of FDPPI in the history of Data Privacy in India.

Future appears bright, with nearly 400 associates who are together promoting FDPPI as members and supporters.

Presently FDPPI can boldly state that with its own Certification Program and Certifiable Framework for Audit and Assessment of Data Protection Compliance for DPDPA 2023, ITA 2000 and BIS data governance standard, FDPPI has firmly entrenched itself as the leader of Data Privacy in India.

I thought it was time to reflect on the past as we look forward to the future with optimism.

Naavi

Posted in Uncategorized | Leave a comment

New Compliance Framework DGPSI Released

FDPPI which is in the forefront of Privacy and Data Protection Compliance related activities in India released a framework for Compliance and Certifiable Audit titled “Data Governance and Protection Standard of India (DGPSI) in Bangalore at Hotel Chancery.

The Following press release was issued on the occasion.

PDF version of the press release available here

The Framework DGPSI is a unique framework which is a combination of DPDPA 2023 compliance requirements, ITA 2000/8 compliance requirements as well as the Draft BIS standard on Data Governance and Management.

FDPPI has developed the standard to replace all other frameworks presently being adopted for compliance to DPDPA 2023. This framework-DGPSI would be available for the industry for developing a Business System of DGPMS which can be also certified by accredited auditors of FDPPI.

This unified framework is open for one unified audit and certification instead of three separate audit and certification for DPDPA Compliance, ITA 2008 compliance and BIS-DGDMS compliance.

FDPPI will be conducting separate training programs for training professionals under this framework and the first of such program will commence by the end of OCtober 2023.

With this FDPPI is ushering in a new era in Data Protection Compliance audits in India.

Enquiries from organizations interested in getting certified as “FDPPI Accredited DGPMS auditors” may be sent to the undersigned.

Naavi

Posted in Uncategorized | Leave a comment

Privacy Pitamaha Award for Justice Sri K.S.Puttawamy (retd)

Justice Sri Koratagere S Puttaswamy (retd) the petitioner on the Supreme Court case which led to the Privacy Judgement of the Justice Kehar bench on 24th August 2017 and the passing of the DPDPA 2023 was honoured in a historic event at Bengaluru on 24th September 2023 with a title “Privacy Pitamaha”, by FDPPI and Manipal Law School.

The 98 year old Sri Puttaswamy was honoured in a simple ceremony at his residence while in a Press Conference at Hotel Chancery, Lavelle Road, a detailed discussion was held and the following press release was issued.

PDF Version of the above press release available here

The following Citation was presented during the event.

Naavi

Posted in Uncategorized | Leave a comment

The Journey to be a Certified DPO and Data Auditor

Naavi’s Cyber Law College has just completed the first batch of CDPP-Module I as a 4 day week twelve hour program. The program is a one of its kind program which combined Privacy and Data Protection from DPDPA 2023 as well as ITA 2000.

A new module on Audit called Module A will start in October towards the third week as a week end program (3 hours per day probably for a total of 12 hours). This will again be one of its kind program which will cover different frameworks including ISO 27701, BIS’s Adequacy of Data Governance and Management Standard and the FDPPI’s Data Governance and Protection Standard of India (DGPSI).

For those of you who missed the last Module I, and have to go through Module G before they take up Module A to complete the three parts leading to C.DPO.DA, which will be a coveted certification with registration in the Indian National Register of DPOs and membership of FDPPI, we are leaving another month before we start Module A.

Those who are interested should immediately start taking the course on Recorded mode and use the mentoring sessions in between as and when required where they can interact with our faculty.

Opportunities fly past, One has to be alert to catch them before they pass by….

Naavi

Posted in Uncategorized | 1 Comment

Justice K S Puttaswamy honoured as “Privacy Pitamaha”

Justice (Retd) Sri K.S. Puttaswamy, the person who initiated the Supreme Court petition on Privacy which finally ended up with the judgement on August 27, 2017 that Privacy is a Fundamental Right in India, is today 98 years old and lives a quiet life in Bengaluru. At a time when the industry is celebrating the advent of the new law, we considered it necessary to recognize the man behind this watershed moment in India.

Accordingly the Board of FDPPI passed a resolution that we should confer a title “Privacy Pitamaha” on him and today called on him at his residence to convey it to him through a simple meeting. Dr Avinash, Dean of of Manipal Law School joined FDPPI on this occasion to support the initiative.

We feel a sense of satisfaction that the contribution of this senior citizen who created history in India was recognized by FDPPI. We feel honoured by honouring him.

Posted in Uncategorized | Leave a comment

Open the LID of Consciousness

FDPPI is introducing a Leadership Initiative for DPDPA Consciousness (LID) to conduct a 90 minute session for top leadership team of any Company on the Impact of DPDPA on their organization.

This could be an initiative that should be taken by the Board even before they go about appointing a DPO.

Requests can be made through any of the Chapter heads of FDPPI at Bangalore, Chennai, Mumbai, Kolkata, Hyderabad, Nagpur, Pune and Bhuvaneshwar or directly to the attention of our Advisor Operations at the Head office at fdppi4privacy..@..gmail.com

Naavi

Posted in Uncategorized | Leave a comment

Indian DPO certification Course from FDPPI

FDPPI has recently launched the first batch of DPO training, Module I on 26th August. The Second batch will commence on 2nd September to a close group of trainees.

In the meantime the Course will continue to be available on tap in the Recorded mode with two mentor sessions of 60 minutes each.

In October the second leg of the Indian DPO Certification Course will commence. This program will discuss the Data Audit under the framework of PDPCSI (Personal Data Protection Compliance Standard of India) (12 hours of virtual training). On Completion of the two modules namely Module I and Module A, the trainees will have a knowledge of DPDPA 2023, ITA 2000 and Requirements of being a DPO and an independent Data Auditor.

The different combinations of trainings conducted by FDPPI are as follows.

1 Indian law only (DPDPA and ITA 2000)  CDPP.India  Rs 15000/-
2 Data Audit under DPDPA: Data Audit+PDPCSI C.DPO.DA (Foundation) Rs 24000/-
3 Indian DPO. DPDPA+ITA 2000+Data Audit+ PDPCSI C.DPO.DA (Foundation) Rs 33000/-

With any of the above three modules, Module G on Data Protection laws which includes EU GDPR and CPRA, HIPAA may be added at an additional cost. (Recorded mode with mentor assisted sessions).

Completion of all modules will entitle the Certificate C.DPO.DA (Global) and together is priced at Rs 45000/-

All fees are inclusive of GST

Trainees will be entitled to Basic Membership of FDPPI and Registration in Indian National Data Protection Register.

Trainees can opt to obtain participation certificate or optionally take an online examination. Participation Certificate would mention “Undergone a Training”. Certificates of those who take the examination will mention ” Under gone a training and passed the examination”.

Interested persons can complete the form below and make the payment.

Application for Enrollment for Certification Program

Registration for Certification Modules

P.S: Training is offered by Cyber Law College (Ujvala Consultants Pvt Ltd) as Training Partner

For more details, contact FDPPI over email. over fdppi@ fdppi.in

(Kindly note that any payment made to FDPPI for training and any payment made to Cyber Law College/Ujvala Consultants Pvt Ltd for FDPPI membership would be internally reconciled)

Posted in Uncategorized | Leave a comment

Module I Virtual Training Register here

FDPPI’s first batch for training in Certified Data Protection Professional-Batch I will commence on 26th and 27th and September 2 and 3 . It is an online batch for 12 hours to be conducted between 2.30 pm to 5.30 pm. Fees Rs 15000/-

Complimentary registration in the Indian National Register of Data Protection Professionals in India. (worth Rs 30o0/-) is included.

Will be considered as Part of the Certified Data Protection and Data Auditor program scheduled for October.

Coverage will include DPDPA 2023 and ITA 2000 as relevant.

Application for Enrollment for Certification Program

Registration for Certification Modules

P.S: Training is offered by Cyber Law College (Ujvala Consultants Pvt Ltd) as Training Partner

Please pay Rs 15000/- (Inclusive of GST of 18%) 

For more details, contact FDPPI over email. over fdppi@ fdppi.in

(Kindly note that any payment made to FDPPI for training and any payment made to Cyber Law College/Ujvala Consultants Pvt Ltd for FDPPI membership would be internally reconciled)

Posted in Uncategorized | 2 Comments

DPDPB 2023: Round Table

Just as the DPDPB 2023 was tabled in the Parliament on 3rd August 2023, FDPPI as the most committed data protection organization of India, held a Virtual Roundtable on 4th August 2023. Manipal Law School, (MLS) part of the Manipal Academy of Higher Education (MAHE) partnered FDPPI in this event.

The roundtable discussed several issues surrounding the bill including whether DPDPB2023 is a money bill, the rights and obligations under the bill, Whether DPB is well constituted, etc.

Dr Avinash Dadhich, Dean of MLS was the special guest and participated actively in the discussions.

The event also marked the first event conducted by FDPPI partnering MLS and look forward to more such events.

Naavi

Posted in Uncategorized | Leave a comment

Partner in Progress Approach of FDPPI for Privacy and Data Protection Management

Personal Data Protection and Governance Management (PDPGM) in a corporate entity is a complex journey.

-It requires discovery and tracking of the data asset, Classification into different categories of data, Different Sensitivity types, Different Law jurisdictions, Different Value buckets etc.

-It also requires applying Organizational and Technical measures appropriate to each type of data and building a Privacy and Data Protection Culture across an organization.

-It also includes Data Governance aspect of “Monetization” and “Cross Border Transfer” strategies that are Law compliant.

Current approach of all organizations is for a Company to establish Privacy by Design Program involving management of “Legal basis” for personal data collection and processing, “Security measures” for protecting the Confidentiality, Integrity and Availability of digital information, which is monitored by the Data Protection Officer and periodically audited by an external Data Auditor.

In this process the Company is responsible for understanding the requirements, converting them into Policy and Technology controls and the Auditors verify and give their expert views.

In a scenario where the Privacy and Data Protection scenario is evolving and new laws are appearing every other day, new interpretations are evolving every day, a company engaged in productive business has to divert a large part of its resources to meet the requirements. In a large organization, there is a need to set up a Privacy Department and a DPO to supplement its CEO/CRO/CCO to achieve an acceptable level of compliance.

FDPPI as an organization with an objective of empowerment of the Data Protection eco system in India, has adopted an approach of Concurrent Consulting which involves a close interaction with the company in the designing and implementation of the Privacy and Data protection program with Concurrent audit and Continuous improvement.

In this model, a team of FDPPI is associated as an external PDPM consultant and works closely with the Company in assisting the designated Privacy Management team and the DPO. The project is managed by the designated Supporting members of FDPPI.

This is the “Partner In Progress” (PIP) approach of FDPPI where the FDPPI team would be involved in designing of the PDPM program, assisting the Company in its implementation and periodically reviewing the functioning of the PDPM program, suggesting and implementing corrections on a continuous PDCA cycle.

It is expected that this approach would be more suitable to the Indian market which is in the developmental stage where Privacy as a concept is new and companies have to put in extra efforts to adopt to the new global culture where Privacy infringements are considered one of the biggest regulatory threats which could result in penalties reaching upto a billion US dollar.

The engagement would be on a retainer basis with additional services sourced either from within the supporting member network or outside and billed as necessary. The team would design and implement the system on a best effort basis.

The system of an external data auditor which is inherent in the Indian law will ensure that the work of the FDPPI consultancy team is reviewed by an external auditor and should satisfy the puritans who fear conflict.

It is desired that after the system is stabilized, the FDPPI team can exit and handover the maintenance to an internal Privacy and Data Protection management team.

This arrangement is considered ideal when an organization is going through a Digital Transformation and implementing a switchover from the current privacy nd Data Protection regime under ITA 2000 to the DPDPB regime.

Posted in Uncategorized | Leave a comment