FDPPI introduces “Cross Certification”

FDPPI has been a leading Data Privacy Certification agency in India. It’s flagship Certification program C.DPO.DA is a specially constructed Certification program for professionals engaged as “DPO” in Indian Companies or propose to be “Data Auditors” as envisaged under DPDPA 2023.

Indian Companies are exposed to both Indian data protection laws as well as laws of other countries if they are collecting and processing significant amount of data from outside India. Hence they need to be compliant with multiple data protection laws.

Further, FDPPI has structured a Compliance Framework namely Data Governance and Protection Standard of India (DGPSI) which is a Certifiable framework that can be used as an implementation guideline for “DPDPA Compliance By Design” and also for third party certification from accredited FDPPI auditors and further for Compliance maturity assessment through the system of DTS (Data Trust Score).

The C.DPO.DA, program therefore has three modules namely Module-I (Indian data protection laws), Module-G (Global Data Protection Laws) and Module-A (Audit requirements).

Module I covers DPDPA 2023 and ITA 2000 from the perspective of Personal Data protection and management as required under these laws.

Module G covers GDPR, US Data Protection laws such as HIPAA, CPRA and Singapore PDPA 2012 to provide a flavour of how international data protection laws impact an Indian company.

Module A covers the audit requirements for compliance of DPDPA 2023, relevant aspects of ITA 2000, ISO 27001, ISO 27701 and a detailed discussion of DGPSI as a audit framework.

It is the philosophy of FDPPI to make Compliance less complex and less burdensome to the organizations. Over a period the Certification industry both for individual professionals and organizations have grown into a maze of multiple certifications increasing the cost of Compliance and complexity of certification.

Typically today even in the Information/Data Security domain only, an organization goes through ISO 27001, ISO 27701, PCI DSS, SOC 2 etc. Similarly an individual professional undergoes multiple Certifications like CIPP-E,CIPP-US, CDPSE etc. Professionals and organizations also incur additional expenditure on maintenance of such certifications.

Despite the huge expenses none of these Certifications address the issue of Indian DPDPA compliance either in terms of building the knowledge at professional levels or in compliance by organizations.

All these increase the cost of professional qualifications, increases expectations of salary and increase in the cost of administration of compliance by organizations. SMEs/MSMEs will not be able to meet these costs and therefore may be forced to end up compromising information security.

FDPPI which is committed to societal benefits has therefore come up voluntarily to provide recognition of earlier certification by Professionals and allow them to become C.DPO.DA

Recognizing the historical fact that some organizations have already been present in the certification under global laws, FDPPI has decided to voluntarily offer a “Cross Certification” system to recognize the Certification already undergone by different professionals.

Accordingly, FDPPI will offer exemption from Module G to all those professionals who wants to take up C.DPO.DA examination for those who hold CIPP certifications from IAPP provided they provide the necessary proof of completion.

Similarly, for those who are qualified as Lead Auditors under ISO 27001/27701 programs, a direct entry to the last part of Module A on DGPSI would suffice to take the C.DPO.DA examination.

However passing the exam would be mandatory for certification.

This will ensure that the investments made by professionals in such programs will not go waste as they become C.DPO.DA. certificate holders.

Watch out out for more information on this …

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.