PDPSI or the Personal Data Protection Standard of India was introduced two years back and after continuous evaluation and fine tuning, has been adopted as the framework for certifying compliance of an organization for Data Security.
PDPSI will cover compliance requirements of current ITA 2000 (Section 43A), the proposed (PDPB 2019), GDPR and other global data protection laws applicable to an Indian organization.
PDPSI is therefore a “Unified Framework for Multiple Personal Data Protection Regulations”.
PDPSI incorporates all the best practice requirements of ISO 277001 and extends it further to new areas of data protection requirement.
FDPPI has created two types of trained professionals namely the “Certified Global Privacy and Data Protection Consultant” (CGPDP Consultant) and “Certified Global Privacy and Data Protection Auditor” (CGPDPA) through a rigorous training program covering data protection laws of India, data protection laws of major countries such as EU-GDPR, CCPA,HIPAA, Singapore PDPA, Dubai DFC, Brazil, LGPD etc besides Data Audit skills and the nuances of the PDPSI framework.
The PDPSI framework is also being released as a general guideline for organizations for self implementation. It could be considered as the recommended “Code of Practice” . The CGPDP Consultants will be able to assist the organizations for implementation by developing customized policy templates and technical architecture that may be required for the compliance. CGPDP Auditors would be able to get the organizations “Certified” under the Certification system which has been adopted by FDPPI.
Under this program, FDPPI will be accrediting Certification Bodies which are organizations who would undertake PDPSI based audits and certifying organizations. Every such organizations would be required to engage the services of at least one CGPDP Auditor as a “Lead Auditor” under a contractual binding. Such a Lead auditor associated with the Certification body would guide other professionals under them to conduct the audit leading to Certification.
The PDPSI audits will include DTS evaluation which will also be registered with FDPPI. It will also include a mandatory feedback from the organization to FDPPI along with a consent (or rejection) for publication of DTS. PDPSI auditees will also be provided limited assistance for maintenance of the audit through a mentorship program where a qualified “Mentor” would be available for quarterly consultation on critical issues of compliance.
The Certification bodies will be free to charge their fee for conducting the audit but would be paying a nominal registration fee for accreditation and a nominal per assignment fee for registration of DTS and maintenance support given by FDPPI following the audit certification.
At the time of accreditation, the Certifying body would be signing an MOU along with the designated Lead Auditor.
More details can be shared on request.
Naavi
