FDPPI is your Privacy Companion

The much awaited comprehensive Certification Program for DPOs in India from FDPPI is set to commence on June 19, 2021 as per the following tentative schedule.

The program consists of 36 hours of online training covering the Data Protection laws of India in full detail, GDPR in reasonable detail and laws of several other countries.

The sessions would be primarily conducted by Naavi, a veteran who started virtual education way back in the year 2000 through Cyber Law College and is the founder of www.naavi.org, as well as Chairman of FDPPI.

The discussion on Indian law will be on the basis of PDPB 2019 and ITA 2000/8. As and when the Bill is passed, a free bridging session will be offered to all the participants to discuss the changes so that the participants would be fully aware of the Indian Law.

The focus of the program will be to equip a Data Protection Officer with relevant knowledge required to take on the responsibility . The participants will get a certificate as
“Certified PDP-CMS Auditor” or “Certified PDP-CMS Consultant” depending on their performance in the examination.

The online examination will consist of 3 papers which will be held  on July 31st (Paper 1 and Paper 2) and August 1st 2021. (paper 3)

PDP-CMS audit is an audit for “Personal Data Protection Compliance Management System” which will be mandatory to be implemented  by every organization in India handling personal data. Those organizations which are classified as Significant Data Fiduciaries would be required to mandatorily get an audit conducted annually by an external auditor.

The PDP-CMS audit will include Evaluation of “Data Trust Score” (DTS) which is a unique proposition of the Indian Law.

The Evaluation of DTS will be based on a unique system established by FDPPI under the Personal Data Protection Standard of India (PDPSI).

In view of the  collaboration between FDPPI and DNV, the globally recognized organization which is known for Management audits, the Certificates would be issued under the joint names of FDPPI-DNV.

The online examination will consist of thee separate online multiple choice examination for 90 minutes each. There will be two cutoff marks for certification. Participants who clear the higher cutoff would be provided the certificate as PDP-CMS Auditor. Participants who clear a lower cutoff would be provided the certificate as PDP-CMS Consultant.

Certified PDP-CMS auditors would be accredited by FDPPI under their PDPSI audit program and will be eligible to conduct audits in association with Certification Bodies who are organizations accredited with FDPPI. PDP-CMS consultants would be able to provide consultancy to organizations to prepare themselves for audit and also upgrade themselves to the auditor grade based on experience.

The total fees for the program would be Rs 40,000/- (Or approximately US$ 575/-)

The application can be completed here

The Fees may be paid here.

(Registration is now closed)

 P.S: It may be noted that the Minister of Law and IT, honourable Mr Ravi Shankar Prasad in an interview on 28th May 2021 with Times now has indicated that the Government will push the passage of PDPB 2019 in the next Parliamentary session. Excerpts from this interview is available here.

It is likely that the Government would provide some time for implementation and will require around 3 months to set up the Data Protection Authority. However it appears that Jurisprudence has already developed in India to consider the principles of Personal Data Protection  discussed in the PDPB 2019 as  “Due Diligence” under ITA 2000/8. (Refer court judgements referred to in this article) .

Professionals are also aware that implementation of a comprehensive privacy program for an organization is not as simple as drafting a Privacy Policy for the website. It involves establishment of a Privacy culture in the organization which requires time. Hence prudent professionals and organizations need to  start early to retain a competitive advantage.

FDPPI hopes that professionals would take advantage of this opportunity.

For more information contact fdppi@fdppi.in.

Naavi

FDPPI has set up a working group to develop a code of practice to bring data value into the financial statements of companies. The main objective is to bring “Visibility” to the value of assets held by an organization in the form of Data which needs to be secured. It may also help in the proper valuation of the organization in times of Mergers and Acquisitions and when insolvency petitions are considered by NCLT.

The suggestion is to develop a methodology for valuation acceptable to the larger sections of the society including the Government and the community of accountants. Hence FDPPI invites suggestions from the public on how data can be valued.

Presently we are focusing on Personal Data and the same methodology with suitable modifications would be extended to Non Personal Data when the new law as suggested by the Kris Gopalakrishnan committee is near finalization.

In order to trigger the thoughts we are making the initial version of suggestions placed before the committee by Naavi 

Comments can be sent to the Committee to reach them before May 31st 2021, through e-mail fdppi@fdppi.in with the subject line marked “Data Valuation”.

Please do contribute your thoughts.

Naavi

FDPPI has been conducting different training programs to build the skill sets required to be a competent Data Protection Professional in India. Currently three programs have been launched namely the Module I, Module G and Module A. These three modules cover the Indian Data Protection laws, Important Global Data Protection laws and also the knowledge necessary for conducting Data audits as required in the compliance scenario.

FDPPI is now launching a combined training program which incorporates the content in all these three modules over a 36 hour online program. The program is conceived as a week end program with 3 hour sessions on each Saturday and Sunday starting from June 19. The program is scheduled to go upto July 25th. Sessions will be between 10.00 am to 1.00 pm each day.

There will be three part examination at the end of the program. Each will be a 90 minute online examination.

On successful completion of the examination the participants will be issued a certificate either as “Certified Global Privacy and Data Protection Consultant” (CG-PDP-C) or “Certified Global Privacy and Data Protection Auditor ” (CG-PDP-A).

This program will be the first of the projects being undertaken under the co-branding arrangement with DNV.

At this point of time this is the most comprehensive training program available for Privacy and Data Protection Professionals in India.

More details are available here.

FDPPI is the leading organization in India focusing on development of systems and best practices  for “Privacy and Personal Data Compliance Management System” (PDP-CMS) and DNV is one of the oldest Management Certification organizations in the world.

The two organizations have come together in a collaboration that offers to the Indian industry co-branded services for building a Privacy and Data Protection Culture in the country and prepare the industry and professionals for the forthcoming Personal Data Protection Act in India through

a) FDPPI-DNV Certification program for Data Protection Professionals

b) FDPPI-DNV Certification of organizations for implementation of  for PDP-CMS (Personal data protection compliance management system)

c) FDPPI-DNV  DTS (Data Trust Score) evaluation

Mr Rajeev Panicker, head ICT business vertical for  Det Norske Veritas GL for India & Middle East Region. (DNV) addressed the FDPPI members on 12th May 2021, during the Jnaana Vardhini session and highlighted the essence of the collaboration between FDPPI and DNV.

Recognizing the value of the complimentary nature of the activities of the two organizations FDPPI and DNV have decided to make co-branded offers for the benefit of the community.

Accordingly, both organizations will offer services of each other to their clients and also execute projects by sharing their resources.

FDPPI has about 37 supporting members of which several members represent organizations which provide their services through revenue sharing arrangements with FDPPI. All of them will now be able to expand their services portfolio with the addition of the FDPPI-DNV co-branded services.

The arrangement is expected to expand the reach of both organizations and benefit the community at large.

Naavi

FDPPI (Foundation of Data Protection Professionals in India) is an organization dedicated to the empowerment of the Data Processing community in India.

The four dimensions in which FDPPI is working today are

a) Knowledge enhancement

b) Implementation Support

c) Advisory Services

d) Dispute Resolution

FDPPI started its Certification Courses in end 2019 with a Certification Course covering Privacy and Personal Data Protection Laws in India (Module I). It then introduced a Certification Course covering the Privacy and Personal Data Protection laws at global level by covering GDPR of the EU region, CCPA and HIPAA of the US region along with Singapore PDPA, Dubai DIFC DPL, and Brazil LGPD. (Module G). Towards the beginning of 2021, FDPPI also completed the Certification of Data Audit skills with special focus on the unique PDPSI (Personal Data Protection Standard of India) framework.

Recently FDPPI has embarked on two important activities to provide advisory services. The first was to set up a Data Protection Emergency Response Team (DPERT) which will not only track the data protection incidents world over, but also provide quick guidance to organizations  confronting suspected or confirmed data breach incidents. The second initiative is the development of a “Personal Data Protection Guidance Board” (PGPDP) consisting of experts who can develop “Codes Of Practice” for personal data protection.

The PDP-AB is an ambitious project of FDPPI which should help the community of Privacy and Data Protection Community to come together under one platform and contribute to the cause of Privacy and Data Protection in India.

PDP-CC (PDP Code Committee) is a body of experts who will work towards creating Codes and Practices for adoption towards compliance. It should help  development of  a “Self Regulatory Best Practice Code” without waiting for the Government to pass the Bill and make compliance mandatory.

Indian corporate world has an unsavory reputation that unless some thing is made mandatory, they would not be interested in compliance. Once the PDPB 2019 is passed into an Act, compliance would become mandatory and non compliance expensive. But until then Compliance is still under ITA 2000, mandatory but with low prospect of punishment for non compliance.  FDPPI would however wish that the Indian Corporates would prove the sceptics wrong and start adopting the principles of PDPB 2019 as the due diligence under ITA 2000/8 and be compliant before the mandatory provisions kick in.

PDPAB and PDPCC are therefore likely to be  significant contributors to the development of a self regulated Data Processing industry in India.

The fourth dimension of FDPPI is when disputes arise in the compliance environment and we need to provide dispute resolution support. Such disputes could be between a Data Fiduciary, a Data Processor and a sub contractor or between a Data Principal and the Data Fiduciary.

The Data Principal-Data Fiduciary dispute comes under the powers of adjudication and Appellate Tribunal under PDPB 2019 and hence DDMAC role may be limited in this context to Mediation. But in other cases it may provide arbitration support. Additionally DDMAC would also provide e-Ombudsman services to companies on request.

Under these four different dimensions, FDPPI will be working to serve the PDP community in India in different ways. To support these initiatives, FDPPI also undertakes other ancillary services as may be necessary.

FDPPI is today an aggregation of nearly 200 professionals who work in the space of Privacy, Data Protection and Information Security. As we grow, attempts are being to formalize the operations but it would take some time for FDPPI to come out of its “Start Up” phase and get fully established.

I take this opportunity to invite once again all the professionals who are interested in contributing to the cause of Privacy and Data Protection to join hands with FDPPI and take it forward.

Naavi

The Bureau of Indian Standards has released the IS 17428 part I and Part II as Data Privacy Assurance Requirements and Guidelines.

FDPPI has already released the PDPSI standards which are inclusive of the ISO 27701 which is a GDPR based Personal Information Management Standard (PIMS).

We welcome the release of IS 17428 and ensure that PDPSI would be inclusive of the best practice indications in IS 17428. However PDPSI will stand out as “Inclusive but Different” and continue to be a unified  “Certifyable Standard” for compliance of data protection  regulations.

PDPSI compliance will therefore be inclusive of the essence of IS17428 compliance while the vice-versa may not be true. However, if there is any conflict between IS17428 and PDPSI, the PDPSI will call out the conflicts.

More information about how the IS 17428 will merge with PDPSI will be provided in due course.

Naavi

PDPSI or the Personal Data Protection Standard of India was introduced two years back and after continuous evaluation and fine tuning, has been adopted as the framework for certifying compliance of an organization for Data Security.

PDPSI will cover compliance requirements of current ITA 2000 (Section 43A), the proposed (PDPB 2019), GDPR and other global data protection laws applicable to an Indian organization.

PDPSI is therefore a “Unified Framework for Multiple Personal Data Protection Regulations”.

PDPSI incorporates all the best practice requirements of ISO 277001 and extends it further to new areas of data protection requirement.

FDPPI has created two types of trained professionals namely the “Certified Global Privacy and Data Protection Consultant” (CGPDP Consultant) and “Certified Global Privacy and Data Protection Auditor” (CGPDPA) through a rigorous training program covering data protection laws of India, data protection laws of major countries such as EU-GDPR, CCPA,HIPAA, Singapore PDPA, Dubai DFC, Brazil, LGPD etc besides Data Audit skills and the nuances of the PDPSI framework.

The PDPSI framework is also being released as a general guideline for organizations for self implementation. It could be considered as the recommended “Code of Practice” . The CGPDP Consultants will be able to assist the organizations for implementation by developing customized policy templates and technical architecture that may be required for the compliance. CGPDP Auditors would be able to get the organizations “Certified” under the Certification system which has been adopted by FDPPI.

Under this program, FDPPI will be accrediting Certification Bodies which are organizations who would undertake PDPSI based audits and certifying organizations. Every such organizations would be required to engage the services of at least one CGPDP Auditor as a “Lead Auditor” under a contractual binding. Such a Lead auditor associated with the Certification body would guide other professionals under them to conduct the audit leading to Certification.

The PDPSI audits will include DTS evaluation which will also be registered with FDPPI. It will also include a mandatory feedback from the organization to FDPPI along with a consent (or rejection) for publication of DTS. PDPSI auditees will also be provided limited assistance for maintenance of the audit through a mentorship program where a qualified “Mentor” would be available for quarterly consultation on critical issues of compliance.

The Certification bodies will be free to charge their fee for conducting the audit but would be paying a nominal registration fee for accreditation and a nominal per assignment fee for registration of DTS and maintenance support given by FDPPI following the audit certification.

At the time of accreditation, the Certifying body would be signing an MOU along with the designated Lead Auditor.

More details can be shared on request.

Naavi

At Rs 30000/- FDPPI offers three Certifications modules leading to the coveted “Certified Global Privacy and Data Protection Consultant” .

Online training for 55 hours followed by three online examinations with over 1000 pages of reading material will prepare professionals for taking up the responsibility of a Data Protection Professional.

Top performers may be accredited as PDPSI Certification auditors.

Contact FDPPI today.

Naavi

Since 17th September 2018 when FDPPI was born, FDPPI has traversed a long journey in a relatively short time.

In order to keep on record some of the developments for the information of new members who are joining the organization, I try to give below a brief narration of the developments.

Details about FDPPI constitution, membership etc is available at different sections of this website.

In essence, FDPPI is an organization of the Data Protection Professionals, for the Data Protection Community.  The “Supporting Members” are the delivery channels through which FDPPI renders its services to the community.

Individual members are provided with many services for knowledge enhancement, Certification and Career advancement as explained here. Additionally Companies are provided with “Corporates Services”  to help them in implementing Data Protection

Jnaana Vardhini

One of the first objectives of FDPPI was to spread awareness of Privacy and Data protection in India so that India does not lag behind the world in the field of Data Protection. Accordingly, FDPPI started with a series of weekly webinars under the “Jnaana vardhini Series”.

Upto end 2020, 54 webinar sessions had been conducted and in 2021, so far 4 sessions have been conducted. In these 58 sessions, FDPPI has tried to disseminate knowledge about Privacy and Data Protection. Most of these sessions are available as video recordings in YouTube.

Additionally a messaging group “FDPPI Knowledge Group” functions on Telegram and doubles up as a communication between members and other guests who have been admitted to the group and also to spread knowledge through discussions. Since most of the members are themselves experts in the field knowledge acquired by sharing is immeasurable.

In addition to the weekly webinars FDPPI members have been conducting free educative sessions on many other forums and created a treasure house of knowledge for persons who would like to understand the Data Protection and related concepts.

Indian Data Protection Summit 2020

As a further step towards spread of professional knowledge, FDPPI conducted the Indian Data Protection Summit 2020 as a virtual summit along with the Bangalore Tech Summit held by the Government of Karnataka in November 2020.

CDPP Programs

In a further bid to provide professional certification programs, FDPPI created a series of Certification programs namely

a) Certified Data Protection Professional-Module I (Covering Indian Data Protection Law)

b) Certified Data Protection Professional-Module G (Covering Global Data Protection Laws)

c) Certified Data Protection Professional-Module A (Covering Data Audit Skills)

These certifications were offered independently as a part of a 5 module larger program in which modules on Technology and Behavioural Skills are due to be introduced in future.

Each of these programs were conducted as online training followed by an online examination. After the programs were conducted online, recorded sessions were made available through an “On Demand, Video Streaming Facility” so that the certifications can be availed on tap by interested persons.

Those professionals who have completed all the three programs were further recognized as “Certified Global Privacy and Data Protection Consultant” or “Certified Global Privacy and Data Protection Auditor”

The Consultant or Auditor so certified have been considered eligible to provide services related to implementation of data protection compliance in organizations and certification of organizations along with an assessment of DTS (Data Trust Score).

It may be noted that most of the persons who are certified under these schemes have also been professionals who might have the experience of similar certification programs conducted by other international orgnaizations like IAPP which conducts certification programs on GDPR and other international laws and have found the FDPPI certifications extremely valuable.

The objective of FDPPI certifications is to ensure that there is an distinctive knowledge enhancement and evaluation of understanding through examination so that the certified persons can be expected to be useful to their respective organizations. It is not simply experience based nor on mere attendance of training programs. This has been appreciated by all the professionals.

In the event the Indian Data Protection Authority introduces any criteria for accrediting Data Protection Auditors or Data Protection Officers, FDPPI certified professionals are likely to start with an advantage in terms of the knowledge requirements.

FDPPI has guaranteed that all those who have currently undergone the training for Module I on Indian laws will be provided with a one time n additional bridging session when the Personal Data Protection Bill 2019 becomes a full fledged laws.

Subsequently programs for continuing education would be introduced so that Certifications can be kept current.

Since CDPP programs of FDPPI also cover global laws such as GDPR, CCPA, Singapore PDPA, DIFC-DPA, LGPD-Brazil, HIPAA etc., the programs are considered “Made in India for the World” category of service.

PDPSI

The second most important contribution of FDPPI to the Data Protection world has been the introduction of the “Personal Data Protection Standard of India” or PDPSI. A concept which was pioneered by Naavi has been developed and fine tuned into a system which today provides a framework for compliance both as a self implementation mechanism by organizations as well as a Certifiable standard.

The uniqueness of PDPSI is that it is a “Unified” framework that can be used for simultaneous compliance of multiple data protection laws such as Indian PDPA along with GDPR. The sub modules of PDPSI framework provide the adaptability to different data protection laws that can be applied in an organization which has exposure to multiple jurisdictions.

Further PDPSI automatically incorporates the evaluation of the Data Trust Score (DTS) which is a measure of the Data Protection compliance maturity of an organization and is mandatory under the Indian law.

FDPPI has now set up a mechanism for Certifying an Organization through accredited PDPSI auditors.

A Unique feature of the PDPSI audits is that the audits are registered with FDPPI along with DTS and the auditee organization is provided with support subsequent to the completion of the audit through a “Mentoring” program with a limited quarterly consultation to clear any doubts in implementation. Though these are not “Review Audits”, they provide an opportunity for the auditee organizations to tap the experts of FDPPI to get some quick clarifications critical to their implementation of PDPSI compliance suggestions.

PDPSI is another unique “Made in India for the World” contribution of FDPPI. It is an open standard and will relieve the complying organizations from the burden of proprietary international standards.

DPERT

One of the recent services that has been introduced is the setting up of DPERT or Data Protection Emergency Response Team on the lines of the CERT organizations that function in the domain of Cyber Security.

The DPERT would be a team of experts chosen by FDPPI and would provide some quick suggestions for any reference from organizations who report any suspected Personal data breaches.

DPERT will work in close association with the law enforcement authorities and regulators and assist the companies in taking right decisions in times of a crisis.

DPERT will remain a free service to the society and where an in depth consultancy is required, will guide the companies accordingly.

DDMAC

DDMAC or Data Disputes Mediation and Arbitration Center is another unique service that FDPPI is bringing to the society and is in the final stages of introduction.

DDMAC is  a platform which can be used both offline and online for dispute resolution in the Data Processing industry. DDMAC will develop  a set of neutrals who are experts in data related regulations  and also trained in the art of Mediation and Arbitration. It will be available to be used by Data Fiduciaries and Data Principals to redress their grievances through ADR processes including Mediation and Arbitration.

DPJI

In order to ensure that knowledge dissemination to professionals occurs in a formal manner, apart from the information made available through the website of FDPPI, a journal titled “Data Protection Journal of India” has been started by FDPPI in 2021. The journal will be available at www.dpji.in.

Future Developments in pipeline

The above narration captures some of the developments in FDPPI till date. We will update this further. FDPPI is negotiating several collaborations some of which will fructify shortly. FDPPI is also working on additional projects including an award for the “Data Protection Champion” etc.

FDPPI has more than 150 professional members today and each one of them is an expert in his own domain. FDPPI being an aggregation of these professionals it has all the strengths of these professionals within its umbrella. FDPPI’s strength is therefore not limited to its employee force and hence when the full potential of its members is harnessed, it will be one of the biggest Data Protection Consultancy organizations in India.

Let us look forward to glorious days ahead and welcome more members to join this movement.

Naavi

The Audit is always a “Snapshot concept”. The auditor gathers his observation and as on the date of his certificate adds his disclaimers that to the best of his knowledge and in good faith and based on the evidences  provided, he certifies that the organization is compliant. The Certification sponsors do their best to properly accredit auditors with training and imbibe a culture of responsibility and ethics  to ensure that audits are meaningful.

However industry practitioners know that some accredited auditors take their work lightly and issue certificates without proper assessments.

The auditor escapes his responsibility because the moment the audit is over, it is entirely the responsibility of the organization to maintain the controls suggested and taken on note during the audit. While we can understand that the auditor cannot take more responsibility on an ongoing basis, from the point of view of the CEO, it is often felt that audit is a money making game and it has no real value to the organization.  Organizations still go through audit certifications because the customer feels more assured and it has become a ritual to ask for certifications.

We need to change this perception of auditors and the perception on the system of audit. Audit is not a money making tool. It should be an instrument of change in an organization.

Naavi therefore suggests what could be a revolutionary concept in IS audits through the PDPSI (Personal Data Protection Standard of India framework that is being developed through FDPPI. (Foundation of Data Protection Professionals in India).

FDPPI has envisaged the engagement of PDPSI in two modes namely “Consultancy” mode ” Audit” mode. In the consultancy mode, a PDPSI consultant works with an organization to conduct a Risk assessment, develop a Gap analysis report. The PDPSI comes with a table of  “Model Implementation Specification” (MIS) and it could be basis on which the gap report emerges. But the organization may decide that they have a certain level of  “Risk Appetite”  and hence all controls in the MIS is not relevant for them and they would like to implement only a truncated version of MIS.

This truncated version is what is referred to as “Adopted Implementation Specification” (AIS) and is like the “Statement of Applicability” or SOA.  The AIS is supported by a “Variance Justification Document” (VJD)  where there is a documentation of why the organization thinks that a suggested MIS control is not relevant or needs modification. This concept is similar to the HIPAA concept of “Addressable implementation specifications” in its security rule.

The PDPSI consultant will work with the organization until this AIS with VJD is signed off by the top management. This AIS will then be the “Implementation Charter” for the DPO. If the implementation charter is faulty, then the responsibility is with the management. The DPO’s role is to understand and implement the AIS in good faith.

The PDPSI auditor when he enters the scene will ask for the AIS. If it is not available, the auditor will conduct his own risk assessment, develop a gap report and submit it as the first deliverable. He will then wait for the management to either give a go ahead for the gap report as presented which means that the MIS becomes identical with AIS. If not the management may come up with its own VJD and fine tune the MIS into its approved AIS which becomes the implementation boundaries set by the company for itself.

The Company may take a stand that they are only interested in the AIS as adopted and the auditor can check if they have done it properly.

The PDPSI auditor therefore looks at the AIS item by item, calls for evidences and decide whether the AIS items have been implemented “Satisfactorily” or “Not”. This is a binary decision and for an organization there has to be 100% satisfactory report. Where there is a “Not satisfactory” remark, the organization can justify its non compliance based on a new VJD. The auditor will go with the decision of the company and close his audit.

However, every PDPSI audit also involves a DTS (Data Trust Score) assessment and in this document, the auditor will express his own view on how good is the implementation with reference to the MIS. If an organization is callous and truncated the MIS to an unjustifiable AIS, then it will suffer from a low DTS. The auditor need not fight with the organization and forced to issue a “Satisfactory” report when he is really not satisfied. In effect in this system the auditor’s report only says “I am satisfied that the Company is in satisfactory compliance with whatever AIS has been adopted”. The DTS expresses the real assessment of the auditor which is provided to the auditee and it is open to them to hide it and not disclose it.

The DTS however is reported by the auditor to the FDPPI and hence it gets recorded and cannot be manipulated subsequently.

The PDPSI system envisages that at the closure of the audit, the auditee will send one “Audit Closure Feedback” to the FDPPI. In this if the auditee has serious reservations on the DTS, it can be sent so that an opportunity would have been given to the organization to object to any DTS element.

After this FDPPI would allocate a mentor for the PDPSI completed audit as an optional service so that the DPO of the organization can on a quarterly basis check with the mentor if there is some action to be taken. For this purpose the DPO may discuss any significant “Incident” in confidence and get a feedback whether he needs to make further investigations etc.

This “mentoring” service ensures that FDPPI continues to be in an engagement with the client and does not drop him like a hot brick once the audit is closed and payments are settled.

The role of a “Mentor” is however limited and lower than the role of the “PDPSI Consultant”. Also the Mentor will not be the same person as the auditor. He can however be a consultant if required. Mentor will fulfill the role of providing a quick feedback in crisis situations will be like an “Emergency Consultancy” service so that DPO will have a friend to consult in times of need. He will be a “Friend of DPO”.

The auditor and the mentor would be offering their services under FDPPI disclaimers. Consultant is engaged by the company on a contractual basis.

PDPSI is a pioneering system and the SOPs are under development. But the end objective is clear. The PDPSI is meant to support the Data Protection Eco system on a continuing basis and is not meant to be only a money scooping activity.

FDPPI will develop a “Data Protection Emergency Team” (DPERT) which will have a pool of mentors from whom the service would be provided. Only FDPPI certified consultants/auditors would be constituting this DPET.

We are aware that in the sceptic world, the intentions of FDPPI will have to go through a process of testing and trust building. The team of FDPPI is working towards establishing the trust of the organizations and we welcome the views and suggestions of experts.

Naavi