FDPPI is your Privacy Companion

FDPPI has indicated its intention of undertaking a large scale “Data Protection Awareness Program in India” through education programs built around the core concept of “Data Protection”.

In this connection, FDPPI looks for collaboration with other organizations which are working in related areas and particularly the academic institutions to work together with FDPPI.

KLE Group of educational institutions has in the past collaborated with Naavi in spreading the knowledge of Cyber Laws in India and the first program titled “Certificate in Cyber Law by Cyber Law College in association with ……” started in collaboration with KLE Law College, Bangalore (Now called Bengaluru).  It then spread to GK Law College in Hubli (now called Hubballi), SDM Law College, Mangalore and JSS Law College, Mangalore.

Now KLE has again become instrumental in the current generation of knowledge dissemination, this time on Personal Data Protection.

FDPPI is proud to be associated with this prominent educational institution in Karnanataka which has over 100 years of service to the society behind it and over 265 different institutions in its educational fold.

On August 13th and 14th, a Virtual Seminar was organized by GK Law College, Hubballi on “Cyber Security and Data Protection” in association with FDPPI as the knowledge partner. The program was inaugurated by the Commissioner of Hubballi and Dharwar, Sri R.Dileep, IPS  and Naavi delivered the Key Note Address.

The entire program schedule in indicated in the brochure below:

The program was well attended by not only people from Hubbali but from the rest of India and even abroad. It was also live broadcast on Youtube.

We feel that this would be a trend setter in the Jnaana Jyothi program  concept undertaken by FDPPI.

Naavi

Foundation of Data protection Professionals in India is pleased to announce that it has become one of the first organizations in India to have appointed a Data Protection Officer to take care of the compliance requirements of FDPPI.

Dr Rakesh Goyal who is a well known information security professional has been appointed for the position.

Presently FDPPI does not collect personal data except in the context of membership and certification programs.

However in the coming days, with additional activities planned, the possibility of FDPPI collecting personal data if not the sensitive personal data is high. Hence acting in advance FDPPI has appointed a DPO.

The DPO will initially work on compliance on the basis of Section 43A of the Information Technology Act 2000/8 and also the compliance requirements as applicable under the Personal Data Protection Bill 2019, which is expected to be a law soon.

Naavi

Background

FDPPI is a pioneering organization that was the first organizational effort in India to mobilize the Data Protection Professionals into a “Community”.

The prime objective of FDPPI is to empower this community with knowledge that is relevant along with the right attitude and the general benefit to the society. The memorandum of FDPPI declares that “Knowledge”, “Efficiency” and “Ethics” are the three important aspects on which the community would be built up.

In pursuance of this objective FDPPI have already created a “Certification” program to recognize a minimal level of knowledge that our members prefer to have.

FDPPI started with the certification on Indian Data Protection Laws as it exists and as is emerging. It has now extended the Certification to the global laws to GDPR and beyond.

Soon a batch of “Certified Data Protection Law Experts” will emerge with Certifications both in Indian laws and Global laws.

These professionals will have the foundation knowledge about Indian Data Protection laws of ITA 2000-Section 43A and PDPB along with GDPR, CCPA, Singapore PDPA 2012, HIPAA and DIFC-DPA 2020.

We believe that the Indian Companies including the early movers like the SBI and Tech Mahindra who have already announced their intention of hiring DPOs for their organizations and the hundreds of other organizations will look upto these certified professionals for their future recruitment needs. Some of them may consider dipping into the pool of talent being created by FDPPI.

FDPPI has already developed the concept of Exchange of pooled resources by creating the group of Supporting members who could exchange their professional services through the medium of FDPPI.

Talent Exchange Program

In consideration of the emerging need of the Data Protection Market in India from both the demand and supply side, FDPPI opens up a “Talent Exchange Division”  where we invite reputed organizations seeking to recruit DPOs for their organization to get in touch with Naavi if they are looking for suitable talent.

Considering the need for confidentiality and the additional Privacy obligations that this responsibility would impose, this responsibility will presently be handled only by Naavi. Information would not be shared with any body else in the organization including the other Directors.

Any of the Companies or Head hunters who would like to look for candidates and any of the individuals who would like to be considered for the talent exchange program may write to Naavi through e-mail and confidently share the information.

Any of the individuals whether they are certified under FDPPI or otherwise may also register themselves in the Talent Exchange pool if they are interested in “Data Protection Related placements”.

If there is a need for sharing of any information, the information would be only used in a highly de-identified, near anonymised form until the interested parties are brought together by specific consent.

Request for registration may be sent to Naavi for approval and only approved registrations will be processed further. Any information that is not approved would be discarded and no copy would be maintained. Renewed requests can be made after 3 months. All requests may be sent with the subject line “FDPPI Talent Exchange Program” and any other mail may be filtered out. The designated email address for the purpose is ceac.naavi9<at>gmail.com

Registration Fee

For the individuals who are certified under the FDPPI program, no registration fee would be charged for enrollment as a prospective participant of the Talent Exchange Program. But all Certified people will not be enrolled except with their Consent. For others, a suitable registration fee would be charged. This would be directly communicated to the registrant.

Default

By default it is deemed that no member of FDPPI or Certificate holders would be considered interested in the program. Only those who opt in with a specific request would be considered interested.

Dispute Resolution

Any disputes arising out of this service would be subject to arbitration through ODRGLOBAL.IN only.

P.S: Watch out this page for any modifications/refinements in the system

In its bid to contribute towards empowering the Data Protection Ecosystem in India with more knowledge on the regulations sorrounding Data Protection, FDPPI is launching an awareness creation movement across the country on the current and emerging Data Protection regulatory regime in India.

The program titled “Jnaana Jyothi” would include conduct of “Invitation Lectures” through webinars to any organization and its employees who are interested in knowing more about the Indian data protection regime as it is unfolding now.

India is presently on the threshold of passing the Personal Data Protection Bill and has started discussions on Governance of Non Personal Data. At this point of time, there is a requirement for extensive outreach programs to let people know what  Personal Data Protection regulation means to them and what the Non personal data regulation can unfold.

Those organizations who want to take advantage of this Jnaana Jyothi program, can contact FDPPI to schedule invitation lectures in which different Chapters of FDPPI in Bangalore, Mumbai, Delhi and Chennai would participate.

Different professionals from each of these chapters would conduct these sessions presently on the webinar mode until the physical meetings can be conducted. Interested persons can contact any of our chapters for more information.

Naavi

The much awaited Module G program of FDPPI which will provide training on  many relevant Data Protection Laws of the world including GDPR, CCPA, Singapore PDPA, DIFC Data Protection law and HIPAA will commence today (11th July 2020)at 4.00 pm IST.

The sessions will be for 90 minutes each on Saturdays and Sundays starting from today upto August 23.

This is a significant step FDPPI has taken in preparing the Indian Data Protection Community to be aware of the multiple Data Protection laws to which the organisations in India are exposed to.

So far, Indian professionals had to opt for expensive global certification programs ane even in such programs the learnings were  often limited to one specific law such as GDPR. FDPPI recognizes that the life of a DPO in an Indian company is different from that of the DPOs in other countries. Most Indian companies handle personal data of different companies and it would be inappropriate if they apply “GDPR knowledge” alone as if every other law is covered by GDPR compliance.

FDPPI’s course is therefore structured to provide a reasonable overview of multiple data protection laws and given an opportunity for the student to develop a discerning view on these different laws.

FDPPI has already covered the Indian law separately in one full module over 14- hours of online training leading to certification of Module-I. Now this module called Module G will cover over 18 hours of online training and cover GDPR in fair detail and then the other laws to the extent feasible.

These certifications are two modules of the “Certified Expert Data Protection Professional” program developed by FDPPI.

While individual certificates such as “Certified Data Protection Professional (Module-G)”  will be issued to those participants who register for the Course along with Certification exam from FDPPI (Total Cost rs 18000), those who have opted only for the training and not for taking the certification exam (Total Cost Rs 6000/-) will receive participation certificate from the training partner, Cyber Law College.

This Certification program as well as the PDPSI framework of implementation of data protection regulation are two significant “Atma Nirbhar Bharat” initiatives taken by FDPPI in the field of Data Protection.

The objective of these programs is to establish “National Self Reliance in Data Protection Certifications, Implementation and Audits”

Those who have missed the registration and want to catch up before today afternoon when the program starts, may peruse the Prospectus and make payment through the following link to join the program.

REGISTRATION CLOSED

Naavi

While in India, the Personal Data Protection Act of India  (PDPA 2020) is awaiting clearance of the Parliament, Being compliant with the Personal Data Protection law has become the top of the mind concern for most corporate managers.

Some ultra cautious professionals are waiting for the Personal Data Protection Bill 2019 to be passed by the Parliament before doing anything towards compliance. The more optimistic professionals are however going ahead and getting ready for the law with the presumption that the law will get passed soon and even if it is delayed, PDPA being an extension of ITA 2000 is relevant as “Due Diligence” under ITA 2000 even today.

In the meantime other countries are racing against each other to introduce their own laws. DIFC, UAE, South Africa, Brazil, New Zealand have all introduced their respective data protection laws.

India being the global hub for data processing, Indian companies  often deal with personal data from multiple countries which exposes them to the compliance of  multiple data protection laws. Indian data processing industry is therefore looking for ways and means of finding out the best way to implement a Personal Data Protection System in their organizations which will enable them to be compliant with multiple global laws along with the upcoming Indian law.

Some of the large organizations with high stake in GDPR have adopted ISO 27701 as a standard for implementation to be compliant with GDPR

While ISO 27701 is tailored to meet the GDPR and  could serve the compliance of GDPR it will not meet the requirement of compliance of  PDPA.

Also, ISO 27701 is meant for the rich large corporations and will require the base compliance of ISO27001, 27002 and probably some other connected standards. Together it is a massive exercise and a massive expense unsuitable for smaller companies.

It is also imperative that we need to develop indigenous standards which are a reflection of our self reliance (Atma Nirbhar) in such matters.

Recognizing this need, the team of professionals in FDPPI (Foundation of Data  Protection professionals in India) have embarked on using the Personal Data Protection Standard of India (PDPSI).

This framework will  meet the unique requirement of being compliant with PDPA 2020.

PDPSI-IN would be the instance of the framework which would be tightly mapped to PDPA 2020. This is the immediate need for self reliance of PDPA compliance in India.

At the next stage, when we move from “Local to Global”, other instances of PDPSI would be developed for compliance of other data protection laws.

With this approach,  PDPSI-EU would be mapped to GDPR, PDPSI-CCPA would be mapped to CCPA and so on. These frameworks will  basically enable the Indian organizations with stake of multiple data protection laws to ensure compliance with ease.

It is possible that if the frameworks turnout to be useful to the industry, it can become standard frameworks to be exported.

Hopefully the Indian Government will see the potential of this thought as a “Make in India and Take it Global” concept and provide it’s support.

Watch out for more information on this. Contact FDPPI for more details.

Naavi

FDPPI has embarked on the Certification Training for Module G and the sessions will start from 11th July 2020. 12 sessions of 90 minutes each will be conducted on week ends from July 11th to August 16th, 2020, at 4.00 pm every Saturday and Sunday.

Registrations for the training is now open for non members also under the following terms.

1. Interested persons may enroll for the training at a payment of Rs 6000/-
2. The trainees may opt for Certification by payment of Rs 12000/- of which  Rs 6000/- would be considered as membership fee if the person intends to become a “Foundation Member” of FDPPI. Those who donot opt to become a member would be considered as “Patrons”.
3. The total registrations for the current batch will be limited to 50 including the registration of members already completed.  Hence interested persons may register at the earliest.

Payment can be made through the following link.

The complete information about the program is available in the enclosed Prospectus.

FDPPI, Foundation of Data Protection Professionals in India was started in September 2018 to be an organization of the Data Protection Professionals, By the Data Protection Professionals and for the Data Protection Professionals. Since India was intending to come out with a specific data protection law in India at that time, there was a felt need to create an adequate appreciation of Privacy Rights and the role of a data protection professional  the Data Protection Eco system in India.

FDPPI stepped in to fill the void and lead the Data Protection Eco-sytem in India with a clear focus on the Indian requirements. Though there were some other agencies who had a similar thinking, it was felt that there was a need to build a new entity by the professional community themselves.

Encouraged by a few like minded individuals, a core group of professionals set up FDPPI as a Section 8 Company (Not for profit) with “Limited By Guarantee” structure to align it with an acceptable structure of one member one vote as in a society structure.

Over the last two years, FDPPI has grown into an organization which has made substantial progress in educating the community on Indian Data Protection regulation as it exists today and emerging in the future. In association with Naavi’s 20 year old Cyber Law College, FDPPI rolled out its certification programs in December 2019 with the first Certification titled “Certified Data Protection Professional-Module I” (CDPP-M I)covering the Indian laws. But the goals were set higher to create an empowered community of “Certified Expert Data Protection Professionals” (CEDPP) with a a legal knowledge base covering Indian and global data protection laws, data protection technology and data audit skills along with an enhancement of behavioural skills required for Data Security Governance.

This enhanced vision of FDPPI to expand beyond the shores of India in terms of knowledge has gained a significant momentum today with the opening of its doors to membership from outside India and also launch of the next Certification module on Global data protection laws covering GDPR, CCPA, Singapore PDPA, HIPAA and Dubai DPL 2020. The certification training is set to commence from July 11th, 2020 and will lead to the title of “Certified Data Protection Professional-Module G”.

This is the second significant step for a professional to become a Certified Expert Data Protection Professional with a reasonable skill set of Legal knowledge supported by necessary technical, audit and behavioural skills to be a good Data Protection professional the community would be proud of.

FDPPI has placed emphasis on creating Ethical set of professionals empowered with the knowledge and skills and believes in Certification as a pointer to knowledge enhancement. Hence every module of FDPPI certification is associated with a mandatory training program to open the eyes of the professionals to a new area of their skill requirement.

India is yet to complete the formality of enacting the new Personal Data Protection Act, (PDPA) but by an innovative legislative framework, the currently available Information technology Act 2000 (ITA 200)) is functioning as the shadow of the proposed PDPA by the interpretation of “Due Diligence” and “Reasonable Security Practice” already enshrined in ITA 2000, of which the extension is the forthcoming PDPA.

In a way, PDPA India has become effective even before its passage as an Act and born out of the womb of ITA 2000 in the form of “Due Diligence”. This has been unique to India.

Several senior Corporate Professionals in the Privacy, Legal, Technology, Information Security and General Management domain have already been part of the FDPPI movement.

The journey has begun.. but there are many more milestones to cover in this local to global journey.

I invite all like minded professionals to join hands and expand this organization into a truly Indian originated global venture of Data Protection Professionals.

Naavi

FDPPI successfully concluded its third certification program on Indian Data protection laws. Any enquiries for further training and certification of this module may be sent to us to enable further planning.

FDPPI is now gearing up for the next Certification of Module G which will commence from July 11th. We expect that the knowledge of some of the international data protection laws such as GDPR, CCPA, Singapore PDPA, DIFC DPL 2020 and HIPAA which will be covered in this module will help enhance the knowledge level of the Data Protection Professionals who will be certified by FDPPI.

FDPPI believes that every certification should be backed by an incremental knowledge accretion and hence training is made part of the certification program. At the same time by keeping the fees for training and certification afforadable, FDPPI wants to take the knowledge to a larger number of professionals many of whom may be entering the Privacy and Data Protection Professionals for the first time.

One such person commented for the earlier certification program

“Great content and the questions are of international standards. Thoroughly based on understanding and not on rote system. Spending time on the materials is the key.”

We may recall that one of the objectives of FDPPI is to bring together Legal Professionals, IT Professionals, and others who work in different capacities in the Data Protection domain on this platform so that there is a better understanding and harmony between these different types of professionals. To some extent this is getting reflected in the profile of people who are taking the Certification program.

In the same spirit the next Module on Global laws will create a reasonable knowledge of how different countries have approached the data protection regulation , their relative strengths, weaknesses, the commonalities and differences.

We hope that this knowledge along with Module I will make a powerful combination of knowledge that empowers the next generation of data protection professionals in India.

Naavi

The much awaited module on Global Privacy and Data Protection Laws as part of the Certified Data Protection Professional Module G, conducted by the Foundation of Data Protection Professionals in India (FDPPI) is set to be launched on July 11, 2020.

Cyber Law College as the training partner of FDPPI will be conducting the first of the programs as a virtual program.

This module will cover the global privacy laws such as GDPR, CCPA, Singapore PDPA, Dubai Data Protection Law and HIPAA.

The complete information about the program is available in the enclosed Prospectus.

Naavi