IDPS 2024 concludes

The two day event Indian Data Protection Summit 2024 came to a successful conclusion with the valedictory function where Dr Bharat Panchal of Bhima Sugam gave the valedictory address. Mr Abhishek Solanki, senior scientist from CERT-In was a gues of honour along with Mr Yashvantha Kumar of Cyber Crime Division Bangalore and Dr A Nagaratna of NLSUI.

 

During the two days, more than 56 speakers participated in the program including 13 from outside the country. The 8 key notes, 7 panel discussions and 4 Focus Group discussions made the conference a wholesome event. With an excellent organizational support from the KLE, and special efforts of Suresh Balepur, and Ashok Kini, managing the hospitality, the event was memorable.

The publication of the book “DGPSI-The Perfect Prescription for DPDPA compliance” during the event marked a significant development of FDPPI’s efforts to facilitate DPDPA compliance in the industry. Hopefully this would also be a significant milestone in the development of Data Protection Compliance in India.

The set of these twin books would server the purpose of providing the information on Privacy as a Fundamental right, the DPDPA as an act, the Governance aspects related to Data protection and the practitioner’s guide for implementation and audit. Though the rules are yet to be notified for DPDPA, the DGPSI booklet serves presently as a Jurisprudential exposition that tries to identify how each of the DPDPA provisions may be implemented.

A detailed report of the event will be available later and the registered delegates would also get a link to the videos to be published virtually.

Posted in Uncategorized | Leave a comment

Welcome to IDPS 2024

Posted in Uncategorized | Leave a comment

Posted in Uncategorized | Leave a comment

FDPPI Dedicates Privacy Advocate Award in memory of Justice K S Puttaswamy.

In the annual flagship event of FDPPI, namely the Indian Data Protection Summit 2024 (IDPS 2024) set to be held on November 30 and December 1, 2024 at Bengaluru, FDPPI recognizes those who contribute to Privacy and Data Protection in India.

Yesterday we lost Justice K S. Puttaswamy who had contributed to the rising of the Privacy Consciousness in India leading to the passing of DPDPA 2023. FDPPI had the satisfaction of recognizing him with a title of “Privacy Pitamaha” during our 2023 AGM. Continuing our appreciation of his contribution to the Privacy eco system in India, FDPPI has decided that this year, the “Privacy Advocate of the year Award” would be “Dedicated to the memory of the Privacy Pitamaha, Late Justice Sri K.S.Puttaswamy”.

Nominations will be open upto 10th November 2024 and the nomination form would be available here https://fdppi.iletsolutions.com/idps-2024-award-nominations.

There will also be 4 other categories of awards namely “Privacy Knight”, “Privacy Squad”, Privacy Champion (Organization) and “Privacy Innovator”. Out of these, the Privacy Champion Award would be “Dedicated to the memory of Padma Vibhushan, Late Sri Ratan Tata”.

We hope that these leaders who have left this world will continue to inspire our professionals through these awards.

Posted in Uncategorized | Leave a comment

Justice K S Puttaswamy passes away

Justice K S Puttaswamy who was instrumental in initiating a case in Supreme Court on Aadhaar which finally ended up with the judgement leading to passing of DPDPA 2023 reportedly passed away today. He had led a very fruitful life and will be remembered for a long time for his contribution to the field of Privacy. in India.

At the time he was honoured he was 98 years old and hence he lived a full life of 99 years. FDPPI wishes to pass on our condolences to the bereaved family.

Posted in Uncategorized | Leave a comment

FDPPI calls upon GOI to incentivise DPDPA adoption

FDPPI has been working on the adoption of DPDPA Compliance by the society through multiple efforts. Apart from creating “Awareness”, FDPPI has a capacity building program with the creation of “Certified Data Protection Officers and Data Auditors” (C.DPO.DA). Additionally FDPPI has developed an indigenous framework for compliance of DPDPA through DGPSI.

However, it is still an uphill task for pushing the Indian community particularly the MSMEs to take steps for DPDPA Compliance in their operations. One obvious excuse is the lack of funds for compliance while the real reason could be a desire to make hay while the sun shines and gather as much of personal information of public as possible and exploit them. While law can punish them at the appropriate time, the objective of the Government and the society is to persuade the industry to be compliant without the need for using the penalty stick.

FDPPI therefore urges the Government of India to introduce a scheme for incentivisation of adoption of DPDPA at least for MSMEs, in a manner similar to what US Government did for promoting HIPAA adoption. (More details here).

Such a scheme would involve subsidizing the use of “Privacy Compliant Software” and more appropriately “DPDPA Compliant Software” for processing Personal data by a Data Fiduciary. Obviously the software needs to be evaluated and certified as DPDPA Compliant software.

In this direction FDPPI is extending its C.DPO.DA. to specifically train the Data Auditors to evaluate a software system for DPDPA Compliance and assign a DTS score as an indication of the level of “DGPSI Compliance”. Being “DGPSI Compliant” is a fair indication of being “DPDPA Compliance”.

We urge software developers to avail of this evaluation and the tag “Built for DGPSI Compliance” with a “DTS score” and simultaneously urge the MeitY to take steps to introduce a system of incentivisation in the form of a subsidy for use of software which is built for DPDPA Compliance.

Request MeitY to start a debate on this count and form a committee of experts to take a decision at the earliest. This can be announced along with the publication of the final rules under DPDPA.

Posted in Uncategorized | Leave a comment

FDPPI activates Ahmedabad Chapter

FDPPI presently has Chapters in Bengaluru, Mumbai, Delhi, Pune, Hyderabad, Chennai and Nagpur and Kolkata.

Now FDPPI has activated its Chapter in Ahmedabad under the leadership of Advocate Anandaday Mishra, Founder and Managing Partner of AMLEGALS, a leading full service law firm, who will be the President of the Chapter.

Mr Anand is a seasoned Data Privacy professional working in multiple jurisdictions across the globe on data privacy.

The Chapter would function from the premises of AMLEGALS, 201, 203, Westface, Opp Baghban, Zydus Hospital Road, Thaltej, Ahmedabad 380054 and Mr Anand can be contacted at fdppi.ahd@amlegals.com or -8448548549.

FDPPI and AMLEGAL look forward to undertake many activities in Ahmedabad to further the cause of Privacy and Data Protection in India.

We invite professionals in Ahmedabad and other parts of Gujarat to get in touch with Mr Anand to build the community of FDPPI members in the region.

Naavi

Posted in Uncategorized | Leave a comment

The Vision of Tata should continue…

Sri Ratan Tata has lived a full productive life which any body can be proud of. While we regret that his leadership would no longer be available to guide the Indian industry, it is our duty to remember and follow his vision and principles.

One of the notable observations about his career is his commitment to the good of the nation. He was an example for other industrialists and exhibited this commitment in no small measure when he took over Air India.

Naavi and FDPPI appreciate this spirit of working for the benefit of India and follow similar principles of indigenous approach to what we do whether it is DGPSI as a framework or C.DPO.DA. as a Certification.

We therefore would continue to remember him and dedicate one of our annual Privacy Awards we normally distribute during our annual flagship event “Indian Data Protection Summit 2024” (This year to be conducted on November 30 and December 1 at Bengaluru as a hybrid event), to “Commitment to National good”.

More details would be shared separately.

Posted in Uncategorized | Leave a comment

The Six year Milestone

FDPPI which got its Certificate of Incorporation on 17th September 2018 has completed six years today and moving into the 7th Year. We take this opportunity to thank all those who interacted with us in these six years and contributed to what FDPPI is today.

FDPPI also thanks all the members who through their voluntary contributions sustained the efforts of FDPPI all these years.

During this auspicious occasion, FDPPI has undertaken a giant step towards creating a “Cross Certification” system for Data Protection Professionals in India. Under this scheme, FDPPI recognizes that many professionals have acquired qualifications as Privacy and Data Protection Professionals from other organizations such as IAPP, DSCI or ISACA. Some have also obtained similar Certificates from other Private organizations in India.

At the same time FDPPI is providing its own C.DPO.DA. Certification.

While each of the organizations consider their program as the best option for the professionals, the professionals themselves need to go for multiple certifications at a huge cost though there is a overlapping of learning elements in each of these Certifications.

FDPPI as an organization that has been promoted by the professionals themselves strongly believes that “Certifications” are important but should not be a burden to the professionals. Hence to ease the burden of multiple certifications, FDPPI introduces a “Cross Certification Scheme” where those professionals who have already obtained Certifications from other organizations can opt to acquire C.DPO.DA. just by passing through the online examination. If the knowledge acquired in these certifications are good enough, most of these professionals can successfully pass through the examination. If not, they can try to acquire additional knowledge and skills through FDPPI’s own “Master Trainers” and try to attempt the exam again.

FDPPI adopted a unique Banyan Tree model of development where FDPPI remains as a Not for Profit Section 8 company but its set of “Business Associate Members” (earlier called Supporting members) develop and execute commercial projects under the FDPPI banner and provide a royalty revenue to FDPPI.

We take this opportunity to renew our request to our Business Associate Members or Associate Service Providers to come up with new thoughts on how they will be able to develop new services for themselves and also support the future growth of FDPPI.

To start with, we invite some of our Business Associate Members to become “Master Trainers” for C.DPO.DA. A training for trainers would be conducted by Naavi to ensure a reasonable base standard for trainings conducted by such “Master Trainers”.

As a leader of Business Associate Members, Ujvala Consultants Pvt Ltd which is also a patron has come forward with a new service namely the DPDPA Insurability Index where the auditors of Ujvala conduct a quick assessment of DPDPA compliance by an organization with a specific objective of identifying the “Insurable Status” of the organization for a “DPDPA Insurance Cover” against liabilities arising out of DPDPA 2023 non compliance.

We look forward for others to come forward with their own projects which can be executed under the umbrella of FDPPI with a royalty payment.

Posted in Uncategorized | Leave a comment

Developing the community of Data Auditors

FDPPI welcomes the circular of CERT In to the empanelled auditors recommending the FDPPI’s three day program scheduled to be held at Bengaluru on September 27, 28 and 29 for C.DPO.DA. Certification.

It may be observed that FDPPI’s approach is to develop “Certified Data Protection Officer and Data Auditor” through this program. Most of the training organizations stop at discussing the requirements of a DPO who has the responsibility to guide implementation of “Compliance By Design” in an organization.

However, FDPPI considers that DPDPA envisages a definitive role for independent “Data Auditors” who will conduct periodical (annual) audits of organizations regarding the compliance of the Act. FDPPI believes that this is a statutory recognition for auditors who would be conducting “DPDPA Compliance Audit” .

FDPPI has therefore placed an equal emphasis on “Data Audit” in its C.DPO.DA. program which makes it globally unique. While in future we may split the program into two parts with the “Lead Implementer” and “Lead Auditor” roles being considered separate, at present both these are combined in the C.DPO.DA. program which makes it unique.

Accordingly, the curriculum of the program covers

The real impact of this program on the professionals and the organizations in which they work will be enormous.

a) The legal basis for Data Protection in the form of nuances of DPDPA 2023 along with ITA 2000, CPA 2019 and also international laws such as GDPR.

b) Implementation challenges for “Compliance by Design” with Technical and Organizational controls including the technical challenges of

-Data Discovery, Data Classification, Data Storage, Data Access, Consent Management, Management of Rights of Data Principals, Minor’s Data Management, Data Breach Management, Data Retention Management, Data Confidentiality, Integrity and Availability Management, Grievance Redressal management, Management of Consent Managers, Data Pseudonymization, etc.,

c) Governance Challenges related to how the risks can be assessed and managed including Data Valuation and using Cyber Insurance.

d) Conducting an Audit of how an organization has complied with the DPDPA 2023 requirements in a technical environment with a focus on how to look for evidence gathering and validation.

FDPPI’s Certification C.DPO.DA. is a crown jewel which would be available only for those who successfully complete the examination.

All persons who attend the program are given one free attempt at the examination. Examination would be online for a duration of 2 hours. If they opt out of the examination, they will get a “Participation Certificate”.

If they appear for the exam and cross the first cut-off point, they will be eligible for “C.DPO.DA-L1 (Foundation Level)” Certificate. If they cross the second cut-off point, they will be eligible for “C.DPO.DA.-L2 (Implementation Level) Certificate”. If they are able to cross the third cut-off point they will be eligible for C.DPO.DA.-L3 (Expert Auditor Level) certification.

Appropriate reading material would be provided both online and offline. Discussions will include lectures and Case study discussions.

It is our desire that we want to make the Program an elevating experience for all the participants.

Look forward to meeting you…

Naavi

Posted in Uncategorized | Leave a comment