While in India, the Personal Data Protection Act of India (PDPA 2020) is awaiting clearance of the Parliament, Being compliant with the Personal Data Protection law has become the top of the mind concern for most corporate managers.
Some ultra cautious professionals are waiting for the Personal Data Protection Bill 2019 to be passed by the Parliament before doing anything towards compliance. The more optimistic professionals are however going ahead and getting ready for the law with the presumption that the law will get passed soon and even if it is delayed, PDPA being an extension of ITA 2000 is relevant as “Due Diligence” under ITA 2000 even today.
In the meantime other countries are racing against each other to introduce their own laws. DIFC, UAE, South Africa, Brazil, New Zealand have all introduced their respective data protection laws.
India being the global hub for data processing, Indian companies often deal with personal data from multiple countries which exposes them to the compliance of multiple data protection laws. Indian data processing industry is therefore looking for ways and means of finding out the best way to implement a Personal Data Protection System in their organizations which will enable them to be compliant with multiple global laws along with the upcoming Indian law.
Some of the large organizations with high stake in GDPR have adopted ISO 27701 as a standard for implementation to be compliant with GDPR
While ISO 27701 is tailored to meet the GDPR and could serve the compliance of GDPR it will not meet the requirement of compliance of PDPA.
Also, ISO 27701 is meant for the rich large corporations and will require the base compliance of ISO27001, 27002 and probably some other connected standards. Together it is a massive exercise and a massive expense unsuitable for smaller companies.
It is also imperative that we need to develop indigenous standards which are a reflection of our self reliance (Atma Nirbhar) in such matters.
Recognizing this need, the team of professionals in FDPPI (Foundation of Data Protection professionals in India) have embarked on using the Personal Data Protection Standard of India (PDPSI).
This framework will meet the unique requirement of being compliant with PDPA 2020.
PDPSI-IN would be the instance of the framework which would be tightly mapped to PDPA 2020. This is the immediate need for self reliance of PDPA compliance in India.
At the next stage, when we move from “Local to Global”, other instances of PDPSI would be developed for compliance of other data protection laws.
With this approach, PDPSI-EU would be mapped to GDPR, PDPSI-CCPA would be mapped to CCPA and so on. These frameworks will basically enable the Indian organizations with stake of multiple data protection laws to ensure compliance with ease.
It is possible that if the frameworks turnout to be useful to the industry, it can become standard frameworks to be exported.
Hopefully the Indian Government will see the potential of this thought as a “Make in India and Take it Global” concept and provide it’s support.
Watch out for more information on this. Contact FDPPI for more details.