DPDPA 2023 was passed into a law by the Indian Parliament on August 7th and 9th 2023 and gazette notified with Presidential assent on August 11 2023. Immediately it became part of the “Due Diligence” implementation of Information Technology Act 2000 as a legislative intention to expand Section 43A. Indian Data Protection law therefore transformed from 98 sections of ITA 2000 to 97 sections of ITA 2000 and 44 sections of DPDPA. (Section 43A of ITA 2000 would be deleted when DPDPA 2023 becomes fully operative with a notification which is expected in the next quarter).
On November 13, 2025, Government notified the time line for implementation according to which certain provisions of DPDPA 2023 related to the formation of the Data Protection Board will come into effect immediately, Registration of Consent Managers would commence from 12 months from the date of notification and all other provisions would become effective from 18 months from the date of notification.
With this, the status of DPDPA as “Reasonable Security Practice” and “Due Diligence” under ITA 2000 is further established.
Organizations need to start taking steps for implementation starting with discovery of DPDPA Protected Data (DPD), Classification of DPD, Creating an inventory of DPD, Creating an inventory of Processes, followed by other requirements.
The DGPSI(Data Governance and Protection Standard of India) Framework developed by FDPPI will be the perfect guideline for the implementation and provides an extension for the AI environment as well.
FDPPI’s C.DPO.DA. or Certified DPO and Data Auditor program is designed to provide necessary knowledge and skill sets to the professionals.
FDPPI is also developing a community of “Independent Data Auditors” so that C.DPO.DA. can be extended to “Certified Independent Data Auditors”. This upgradation program will be available during January-February 2026.
FDPPI being the leader in the industry has already started offering services to companies on
- Privacy Impact Assessment
- DPDPA Gap Assessment
- External DPO assistance
- Data Auditor Service
- Data Protection Impact Assessment
Several other audit organizations are set to follow the footsteps of FDPPI to offer similar services.
FDPPI is of the view that DPDPA compliance is a journey which will take some time and it would be necessary for companies to plan their implementation journey well in advance so that they will be ahead of the market. Even if the Government is gracious enough to provide 18month time for implementation, it is considered that starting early will give an opportunity to companies to test their implementation suitably so that they can get assurance certification from third party auditors on “Conformity Assessment” of their systems.
Hence FDPPI which started its activities on “Certification of Data Protection Professionals” way back in 2019 and upgraded the certifications to the current versions of the data protection laws has further made revisions to its delivery of “Certification Programs”.
The Flagship Program of FDPPI will be C.DPO.DA. which is “Certified Data Protection Officer and Data Auditor”. This certification requires
a) Knowledge of Indian Data Protection law which includes ITA 2000 and DPDPA 2023
b) Knowledge of global data protection laws which includes GDPR, US laws such as HIPAA, CCPA/CPRA, Singapore PDPA, Dubai DFL-DPA etc.
c) Basic understanding of the implementation of a “Compliance By Design” program in an organization to meet the compliance of DPDPA 2023
d) Basic understanding of the skills of Data Audit and Assessment under DPDPA.
e) Basic understanding of ISO 27701:2025 and its relation with DGPSI
Out of the above “Compliance by Design” is designed on the unique DGPSI framework which is Data Governance and Protection Standard of India encompassing not only the laws of Data Protection but also the expected Governance related data protection measures conceived by the Bureau of Indian Standards (BIS). The Data Auditors are also trained on the system of Data Trust Score (DTS). Third party Audits and Assessments are certified under the guidelines of FDPPI.
In order to empower the individual data protection professionals to take over the responsibility of Data Protection, FDPPI has introduced the C.DPO.DA. program with multiple sub parts namely
- Certified Cyber Law Professional (Based on ITA 2000)
- Certified Indian Data Protection Professional (Based on DPDPA 2023)
- Certified Global Data Protection Professional (Based on GDPR, CCPA etc)
- Certified DGPMS Implementor (Based on Digital Governance and Protection Management System for India)
- Certified Data Protection Officer and Data Auditor (Based on compliance of DPDPA, ITA 2000 and proposed BIS standard of Data Protection)
- Special Mentor Assisted Recorded Video program
Consequent to the passage of DPDPA 2023, there is a need for Data Auditors (DA) in India who can conduct audits of Significant Data Fiduciaries (SDF) for compliance of DPDP 2023. Significant Data Fiduciaries are also required to appoint Data Protection Officers (DPO).
Considering the feedbacks received from the market over the last three years, FDPPI has now provided two options for taking up Certification programs.
One is a Certification program delivered through our training partner iLet.com on a subscription basis. Under the subscription model, professionals would be provided subscription to different training programs at a subscription fee and if the students are capable of completing their study within a short time, the cost of acquisition of the certification would be much lower than the present system.
At the end of each module for Certificate courses in Cyber Law, Indian Data Protection Law and Global Data Protection Law, participation certificates are issued for record. The C.DPO.DA. Certificate is available only for those who pass an online examination.
The Course subscription fee which will be initially for a period of 2 months for each course would be as follows: ( P.S: Note. GST of 18% is extra on all prices indicated)
- Certificate in Cyber Laws: Rs 3000/-
- Certificate in Indian Data Protection Laws: Rs 4000/-
- Certificate in Global Data Protection Laws: Rs 5000/-
- Certificate in DPDPA Implementation and Audit: Rs 6000/-
Extended subscription for 4 months and 6 months would be available at an incremental cost of 50% of the price for the first two months.
Students are also provided the option of booking online “Mentor Sessions” with experienced faculty to clarify on their various doubts. These mentor sessions of 90 minutes at a time would be available at a payment of an additional fee of Rs 1500 for Certificate course in Cyber Laws, Rs 2000/- for Certificate course in Indian and Global Data Protection laws and the audit module. For C.DPO.DA. mentor sessions would be available at a fee of Rs 2500/- per session.
For those who take up C.DPO.DA. directly, FDPPI conducts programs from time to time both on online and offline basis. Please refer to the page here.
Students who register for the examination are required to pay an examination fee. For those who take the examination without going through the C.DPO.DA. course, the open examination appearance fee would be Rs 25000/- . Those who attend the examination after completing the course within the 2 months after completing the course, would be required to pay an examination fee of Rs 10000/-. Repeat examination fee would be Rs 6000/-.
Those who take some of the programs may be offered one examination attempt complimentary along with the course.
The book of material for study would consist of the following three books available publicly on Amazon/Flipkart.
The evaluation and passing criteria will be determined exclusively by FDPPI in a fair manner and based on normalization principles. It is not subject to debate and the decision of the examination committee will be final.
Clarifications if any may be sought from Naavi/FDPPI.
