DPDPA 2023 was passed into a law by the Indian Parliament on August 7th and 9th 2023 and gazette notified with Presidential assent on August 11 2023. Immediately it became part of the “Due Diligence” implementation of Information Technology Act 2000 as a legislative intention to expand Section 43A. Indian Data Protection law therefore transformed from 98 sections of ITA 2000 to 97 sections of ITA 2000 and 44 sections of DPDPA. (Section 43A of ITA 2000 would be deleted when DPDPA 2023 becomes fully operative with a notification which is expected in the next quarter).
Companies are today conducting “Privacy Impact Assessments” of their business to understand the extent of impact the DPDPA 2023 will have on their business and the necessary compliance activities to be undertaken by them. CFOs are busy anticipating the financial risk of penalties and rushing to Cyber Insurers to enquire what solutions they have to offer to cover the emerging new risk.
At the same time professionals are looking forward to upgradation of their skills to be eligible for being designated as “Data Protection Officer” or “DPDPA Compliance Officer” in their respective institutions. Some of the experienced “Auditors” are eyeing to expand their portfolios to being “Data Auditors”. Major audit firms are also trying to expand their scope of service to include “Data Audit” as part of their services.
FDPPI being the leader in the industry has already started offering services to companies on
- Privacy Impact Assessment
- DPDPA Gap Assessment
- External DPO assistance
- Data Auditor Service
- Data Protection Impact Assessment
Several other audit organizations are set to follow the footsteps of FDPPI to offer similar services.
Many of the companies and their boards are however waiting for the next notification to be made by the Government before committing to an action plan.
FDPPI is of the view that DPDPA compliance is a journey which will take some time and it would be necessary for companies to plan their implementation journey well in advance so that they will be ahead of the market. Even if the Government is gracious enough to provide time for implementation, it is considered that starting early will give an opportunity to companies to test their implementation suitably so that they can get assurance certification from third party auditors on “Conformity Assessment” of their systems.
Hence FDPPI which started its activities on “Certification of Data Protection Professionals” way back in 2019 and upgraded the certifications to the current versions of the data protection laws has further made revisions to its delivery of “Certification Programs”.
The Flagship Program of FDPPI will be C.DPO.DA. which is “Certified Data Protection Officer and Data Auditor”. This certification requires
a) Knowledge of Indian Data Protection law which includes ITA 2000 and DPDPA 2023
b) Knowledge of global data protection laws which includes GDPR, US laws such as HIPAA, CCPA/CPRA, Singapore PDPA, Dubai DFL-DPA etc.
c) Basic understanding of the implementation of a “Compliance By Design” program in an organization to meet the compliance of DPDPA 2023
d) Basic understanding of the skills of Data Audit and Assessment under DPDPA.
Out of the above “Compliance by Design” is designed on the unique DGPSI framework which is Data Governance and Protection Standard of India encompassing not only the laws of Data Protection but also the expected Governance related data protection measures conceived by the Bureau of Indian Standards (BIS). The Data Auditors are also trained on the system of Data Trust Score (DTS). Third party Audits and Assessments are certified under the guidelines of FDPPI.
In order to empower the individual data protection professionals to take over the responsibility of Data Protection, FDPPI has introduced the C.DPO.DA. program with multiple sub parts namely
- Certified Cyber Law Professional (Based on ITA 2000)
- Certified Indian Data Protection Professional (Based on DPDPA 2023)
- Certified Global Data Protection Professional (Based on GDPR, CCPA etc)
- Certified DGPMS Implementor (Based on Digital Governance and Protection Management System for India)
- Certified Data Protection Officer and Data Auditor (Based on compliance of DPDPA, ITA 2000 and proposed BIS standard of Data Protection)
Consequent to the passage of DPDPA 2023, there is a need for Data Auditors (DA) in India who can conduct audits of Significant Data Fiduciaries (SDF) for compliance of DPDP 2023. Significant Data Fiduciaries are also required to appoint Data Protection Officers (DPO).
Considering the feedbacks received from the market over the last three years, FDPPI has now revised its Certification delivery programs from a “One time Course oriented fee” to a subscription model.
Under the new subscription model, professionals would be provided subscription to different training programs at a subscription fee and if the students are capable of completing their study within a short time, the cost of acquisition of the certification would be much lower than the present system.
At the end of each module for Certificate courses in Cyber Law, Indian Data Protection Law and Global Data Protection Law, participation certificates are issued for record. The C.DPO.DA. Certificate is available only for those who pass an online examination.
Further, each month, a limited number of students (Minimum 5 students) would be provided a special “Discount” to promote DPDPA Awareness across the country. This will be available from the month of June 2024 and registrations for discounted price would be obtained during the last week of the previous month for each batch.
The Course subscription fee which will be initially for a period of 2 months for each course would be as follows: ( P.S: Note. GST of 18% is extra on all prices indicated)
- Certificate in Cyber Laws: Rs 3000/-
- Certificate in Indian Data Protection Laws: Rs 4000/-
- Certificate in Global Data Protection Laws: Rs 5000/-
- Certificate in DPDPA Implementation and Audit: Rs 6000/-
Extended subscription for 4 months and 6 months would be available at an incremental cost of 50% of the price for the first two months.
Students are also provided the option of booking online “Mentor Sessions” with experienced faculty to clarify on their various doubts. These mentor sessions of 90 minutes at a time would be available at a payment of an additional fee of Rs 1500 for Certificate course in Cyber Laws, Rs 2000/- for Certificate course in Indian and Global Data Protection laws and the audit module. For C.DPO.DA. mentor sessions would be available at a fee of Rs 2500/- per session.
For those who take up C.DPO.DA. directly, the subscription fee would be Rs 15000/- for the first two months and an additional Rs7500/- for every extension of 2 months.
Students who register for the examination are required to pay an examination fee. For those who take the examination without going through the C.DPO.DA. course, the open examination appearance fee would be Rs 25000/- . Those who attend the examination after completing the course within the 2 months after completing the course, would be required to pay an examination fee of Rs 10000/-. Repeat examination fee would be Rs 6000/-.
All registrants to examination will be provided a Book of Material covering the knowledge requirements for passing the examination.
The evaluation and passing criteria will be determined exclusively by FDPPI in a fair manner and based on normalization principles. It is not subject to debate and the decision of the examination committee will be final.
Clarifications if any may be sought from Naavi or iLet Solutions which is our technology partner.
