FDPPI is your Privacy Companion

In the annual flagship event of FDPPI, namely the Indian Data Protection Summit 2024 (IDPS 2024) set to be held on November 30 and December 1, 2024 at Bengaluru, FDPPI recognizes those who contribute to Privacy and Data Protection in India.

Yesterday we lost Justice K S. Puttaswamy who had contributed to the rising of the Privacy Consciousness in India leading to the passing of DPDPA 2023. FDPPI had the satisfaction of recognizing him with a title of “Privacy Pitamaha” during our 2023 AGM. Continuing our appreciation of his contribution to the Privacy eco system in India, FDPPI has decided that this year, the “Privacy Advocate of the year Award” would be “Dedicated to the memory of the Privacy Pitamaha, Late Justice Sri K.S.Puttaswamy”.

Nominations will be open upto 10th November 2024 and the nomination form would be available here https://fdppi.iletsolutions.com/idps-2024-award-nominations.

There will also be 4 other categories of awards namely “Privacy Knight”, “Privacy Squad”, Privacy Champion (Organization) and “Privacy Innovator”. Out of these, the Privacy Champion Award would be “Dedicated to the memory of Padma Vibhushan, Late Sri Ratan Tata”.

We hope that these leaders who have left this world will continue to inspire our professionals through these awards.

Justice K S Puttaswamy who was instrumental in initiating a case in Supreme Court on Aadhaar which finally ended up with the judgement leading to passing of DPDPA 2023 reportedly passed away today. He had led a very fruitful life and will be remembered for a long time for his contribution to the field of Privacy. in India.

At the time he was honoured he was 98 years old and hence he lived a full life of 99 years. FDPPI wishes to pass on our condolences to the bereaved family.

FDPPI has been working on the adoption of DPDPA Compliance by the society through multiple efforts. Apart from creating “Awareness”, FDPPI has a capacity building program with the creation of “Certified Data Protection Officers and Data Auditors” (C.DPO.DA). Additionally FDPPI has developed an indigenous framework for compliance of DPDPA through DGPSI.

However, it is still an uphill task for pushing the Indian community particularly the MSMEs to take steps for DPDPA Compliance in their operations. One obvious excuse is the lack of funds for compliance while the real reason could be a desire to make hay while the sun shines and gather as much of personal information of public as possible and exploit them. While law can punish them at the appropriate time, the objective of the Government and the society is to persuade the industry to be compliant without the need for using the penalty stick.

FDPPI therefore urges the Government of India to introduce a scheme for incentivisation of adoption of DPDPA at least for MSMEs, in a manner similar to what US Government did for promoting HIPAA adoption. (More details here).

Such a scheme would involve subsidizing the use of “Privacy Compliant Software” and more appropriately “DPDPA Compliant Software” for processing Personal data by a Data Fiduciary. Obviously the software needs to be evaluated and certified as DPDPA Compliant software.

In this direction FDPPI is extending its C.DPO.DA. to specifically train the Data Auditors to evaluate a software system for DPDPA Compliance and assign a DTS score as an indication of the level of “DGPSI Compliance”. Being “DGPSI Compliant” is a fair indication of being “DPDPA Compliance”.

We urge software developers to avail of this evaluation and the tag “Built for DGPSI Compliance” with a “DTS score” and simultaneously urge the MeitY to take steps to introduce a system of incentivisation in the form of a subsidy for use of software which is built for DPDPA Compliance.

Request MeitY to start a debate on this count and form a committee of experts to take a decision at the earliest. This can be announced along with the publication of the final rules under DPDPA.

FDPPI presently has Chapters in Bengaluru, Mumbai, Delhi, Pune, Hyderabad, Chennai and Nagpur and Kolkata.

Now FDPPI has activated its Chapter in Ahmedabad under the leadership of Advocate Anandaday Mishra, Founder and Managing Partner of AMLEGALS, a leading full service law firm, who will be the President of the Chapter.

Mr Anand is a seasoned Data Privacy professional working in multiple jurisdictions across the globe on data privacy.

The Chapter would function from the premises of AMLEGALS, 201, 203, Westface, Opp Baghban, Zydus Hospital Road, Thaltej, Ahmedabad 380054 and Mr Anand can be contacted at fdppi.ahd@amlegals.com or -8448548549.

FDPPI and AMLEGAL look forward to undertake many activities in Ahmedabad to further the cause of Privacy and Data Protection in India.

We invite professionals in Ahmedabad and other parts of Gujarat to get in touch with Mr Anand to build the community of FDPPI members in the region.

Naavi

Sri Ratan Tata has lived a full productive life which any body can be proud of. While we regret that his leadership would no longer be available to guide the Indian industry, it is our duty to remember and follow his vision and principles.

One of the notable observations about his career is his commitment to the good of the nation. He was an example for other industrialists and exhibited this commitment in no small measure when he took over Air India.

Naavi and FDPPI appreciate this spirit of working for the benefit of India and follow similar principles of indigenous approach to what we do whether it is DGPSI as a framework or C.DPO.DA. as a Certification.

We therefore would continue to remember him and dedicate one of our annual Privacy Awards we normally distribute during our annual flagship event “Indian Data Protection Summit 2024” (This year to be conducted on November 30 and December 1 at Bengaluru as a hybrid event), to “Commitment to National good”.

More details would be shared separately.

FDPPI which got its Certificate of Incorporation on 17th September 2018 has completed six years today and moving into the 7th Year. We take this opportunity to thank all those who interacted with us in these six years and contributed to what FDPPI is today.

FDPPI also thanks all the members who through their voluntary contributions sustained the efforts of FDPPI all these years.

During this auspicious occasion, FDPPI has undertaken a giant step towards creating a “Cross Certification” system for Data Protection Professionals in India. Under this scheme, FDPPI recognizes that many professionals have acquired qualifications as Privacy and Data Protection Professionals from other organizations such as IAPP, DSCI or ISACA. Some have also obtained similar Certificates from other Private organizations in India.

At the same time FDPPI is providing its own C.DPO.DA. Certification.

While each of the organizations consider their program as the best option for the professionals, the professionals themselves need to go for multiple certifications at a huge cost though there is a overlapping of learning elements in each of these Certifications.

FDPPI as an organization that has been promoted by the professionals themselves strongly believes that “Certifications” are important but should not be a burden to the professionals. Hence to ease the burden of multiple certifications, FDPPI introduces a “Cross Certification Scheme” where those professionals who have already obtained Certifications from other organizations can opt to acquire C.DPO.DA. just by passing through the online examination. If the knowledge acquired in these certifications are good enough, most of these professionals can successfully pass through the examination. If not, they can try to acquire additional knowledge and skills through FDPPI’s own “Master Trainers” and try to attempt the exam again.

FDPPI adopted a unique Banyan Tree model of development where FDPPI remains as a Not for Profit Section 8 company but its set of “Business Associate Members” (earlier called Supporting members) develop and execute commercial projects under the FDPPI banner and provide a royalty revenue to FDPPI.

We take this opportunity to renew our request to our Business Associate Members or Associate Service Providers to come up with new thoughts on how they will be able to develop new services for themselves and also support the future growth of FDPPI.

To start with, we invite some of our Business Associate Members to become “Master Trainers” for C.DPO.DA. A training for trainers would be conducted by Naavi to ensure a reasonable base standard for trainings conducted by such “Master Trainers”.

As a leader of Business Associate Members, Ujvala Consultants Pvt Ltd which is also a patron has come forward with a new service namely the DPDPA Insurability Index where the auditors of Ujvala conduct a quick assessment of DPDPA compliance by an organization with a specific objective of identifying the “Insurable Status” of the organization for a “DPDPA Insurance Cover” against liabilities arising out of DPDPA 2023 non compliance.

We look forward for others to come forward with their own projects which can be executed under the umbrella of FDPPI with a royalty payment.

FDPPI welcomes the circular of CERT In to the empanelled auditors recommending the FDPPI’s three day program scheduled to be held at Bengaluru on September 27, 28 and 29 for C.DPO.DA. Certification.

It may be observed that FDPPI’s approach is to develop “Certified Data Protection Officer and Data Auditor” through this program. Most of the training organizations stop at discussing the requirements of a DPO who has the responsibility to guide implementation of “Compliance By Design” in an organization.

However, FDPPI considers that DPDPA envisages a definitive role for independent “Data Auditors” who will conduct periodical (annual) audits of organizations regarding the compliance of the Act. FDPPI believes that this is a statutory recognition for auditors who would be conducting “DPDPA Compliance Audit” .

FDPPI has therefore placed an equal emphasis on “Data Audit” in its C.DPO.DA. program which makes it globally unique. While in future we may split the program into two parts with the “Lead Implementer” and “Lead Auditor” roles being considered separate, at present both these are combined in the C.DPO.DA. program which makes it unique.

Accordingly, the curriculum of the program covers

The real impact of this program on the professionals and the organizations in which they work will be enormous.

a) The legal basis for Data Protection in the form of nuances of DPDPA 2023 along with ITA 2000, CPA 2019 and also international laws such as GDPR.

b) Implementation challenges for “Compliance by Design” with Technical and Organizational controls including the technical challenges of

-Data Discovery, Data Classification, Data Storage, Data Access, Consent Management, Management of Rights of Data Principals, Minor’s Data Management, Data Breach Management, Data Retention Management, Data Confidentiality, Integrity and Availability Management, Grievance Redressal management, Management of Consent Managers, Data Pseudonymization, etc.,

c) Governance Challenges related to how the risks can be assessed and managed including Data Valuation and using Cyber Insurance.

d) Conducting an Audit of how an organization has complied with the DPDPA 2023 requirements in a technical environment with a focus on how to look for evidence gathering and validation.

FDPPI’s Certification C.DPO.DA. is a crown jewel which would be available only for those who successfully complete the examination.

All persons who attend the program are given one free attempt at the examination. Examination would be online for a duration of 2 hours. If they opt out of the examination, they will get a “Participation Certificate”.

If they appear for the exam and cross the first cut-off point, they will be eligible for “C.DPO.DA-L1 (Foundation Level)” Certificate. If they cross the second cut-off point, they will be eligible for “C.DPO.DA.-L2 (Implementation Level) Certificate”. If they are able to cross the third cut-off point they will be eligible for C.DPO.DA.-L3 (Expert Auditor Level) certification.

Appropriate reading material would be provided both online and offline. Discussions will include lectures and Case study discussions.

It is our desire that we want to make the Program an elevating experience for all the participants.

Look forward to meeting you…

Naavi

At present there is a large section of professionals in India with expertise to conduct audits for Information Security and some of them are also engaged as “Auditors of CERT In Empanelled organizations”. The “Auditors of CERT In Empanelled organizations” were expected to be a hybrid type of auditors who were capable of assessing the Information System Controls from the perspective of compliance to the ITA 2000 provisions which was the law of the land. This required a “Techno Legal Understanding” that not all IS auditors could manage successfully.

With the need to now understand DPDPA 2023, the role of Techno Legal Auditors in India has undergone a further change and there is an urgent need to upgrade the expertise of “Technically qualified Information Security Auditors to understand the need to conduct audits with the Legal perspective”.

This transformation from Technical Information Security Audit to Techno Legal DPDPA audit is the need of the day and is being addressed by FDPPI though its C.DPO.DA. (Certified Data
Protection Officer and Data Auditor) Course.

In order to expand the reach of such course, FDPPI is conducting a three-day offline program exclusively designed for Information Security experts including “Auditors of CERT In Empanelled organizations”.

The first of such program will be held in Bengaluru, on 27th ,28th & 29th September 2024.

Venue:

Viveka Auditorium Yuvapatha,

#4, 31st Cross Rd, 4th T Block East, 4th Block, Jayanagar, Bengaluru, Karnataka 560011

Contact: fdppi4privacy@gmail.com

Payment for Registration can be made here:

Kindly note that all participants would be eligible for Participation Certificate with 18 hours CPE. The participants are also eligible for attending the online examination within October 15 and obtain the full certificate C.DPO.DA.

The normal fee of Rs 10000/- for examination is waived for the participants for one appearance within 15th October 2024. One year individual membership worth Rs 10000/- is also free.

The program would be lead by Naavi and would include several case study discussions and practical issues in the implementation of DPDPA Act and upcoming rules.

The program would also discuss the details of India based frameworks such as the Cyber Security Framework of CERT In and BIS standard (draft) for Data Governance and Data Protection. It may be noted that at present there is no other similar program in India with a focus on Indian requirements of data protection, particularly to the depth to which this program goes in.

Appropriate reading material would be provided during the program for the participants including a copy of the book “Guardians of Privacy…by Naavi”

This program will further strengthen the approach of FDPPI to develop an indigenous approach to the compliance of DPDPA using DGPSI along with CSF of CERT-In for information security of applicable personal information.

Price with GST

(For the Bengaluru Program only)

The program is designed for “Auditors of CERT In Empanelled organizations” and the capacity is a maximum 25 numbers. A few Auditors who are not “Auditors of CERT In Empanelled organizations” are being accommodated on specific request.

Payment for Registration can be made here: