DPDPA 2023 envisages that all Significant Data Fiduciaries are mandatorily required to appoint an independent data auditor to carry out a data audit, who shall evaluate the compliance of the Significant Data Fiduciary in accordance with the provisions of this Act [Section 10(2)(b)].
It is expected that the rules to be notified would indicate the details of what is expected of the Data Auditor. It is possible that the Government may provide some time for introducing this requirement. However, the law is clear that the function of the “Data Auditor” is to carry out a “Data Audit” and “Evaluate” the “Compliance” of the Significant Data Fiduciary with this Act.
FDPPI has now created the C.DPO.DA. as a comprehensive certification program for both Data Protection Officers and Data Auditors. It covers knowledge of DPDPA 2023, ITA 2000, GDPR, CCPA/CPRA, Singapore PDPA, an introduction to audit skills under ISO, the BIS draft guidelines on Data Governance and the DGPSI system in detail. It is considered that the course followed by the online examination would be a reasonable test of the credentials of a professional to be a Data Auditor.
FDPPI has now created a consortium which has the skills of DGPSI-based data audits, along with the skills of implementation of ISO 27001/27701/SOC 2 and other audits, besides other governance requirements. This consortium would provide “Data Auditor” services to the Corporate members of FDPPI on request and to other companies on demand.
As and when MeitY comes up with detailed guidelines on Data Auditors, necessary modifications will be made for the accreditation of members to the FDPPI Consortium of Data Auditors (FCDA).
In the meantime, FDPPI will continue to certify new professionals for the C.DPO.DA. course, though not all of them would be part of the FCDA.
Naavi