FDPPI is your Privacy Companion

FDPPI is the pioneer in India for development of skills required for being an efficient Data Protection Officer in India. FDPPI’s “Certified Data Protection Officer” program has already been rolled out with the first batch of the first module of the program having been completed on 23rd February 2020.

Cyber Law College, a division of Ujvala Consultants Pvt Ltd, which was the pioneer in introducing Cyber law courses in India in the year 2000 was also the pioneering training partner for FDPPI in conducting the first training program of the “FDPPI Certified DPO” (FCDPO-I) program.  It will continue to work on more of such programs either online or offline as well as working on other modules as envisaged for the multi model program.

FDPPI’s program for development of skilled DPOs in India, is conceived by Naavi with the vision of developing an alround DPO personality which includes “Knowledge with Attitude and Commitment”.

The motto of FDPPI is the development of “Knowledgeable, Efficient and  Ethical” eco system in India for Data Protection.  Accordingly the DPOs who will be the custodians of developing such a system have to be knowledgeable as well as have the right attitude required for a DPO without losing on the commitment to the requirements of the profession which includes the loyalty to the nation.

“Data Protection” is not simply understanding the clauses of the PDPA. Being aware of the law  is only the knowledge part.  The attitude part covers preparing the DPO to tackle challenges on three fronts namely being answerable to his boss within the organization which pays him the salary, the DPA which has a duty to protect the Privacy of Indian individuals and the Data Principals  who look at the DPO as the custodian of their Privacy Rights.

While most of the international certification programs end with the testing of knowledge of the law, FDPPI’s program as of now recognizes this as only different modules of the development of the awareness about the law.

The Module 1 (or Module-I) which was completed recently, covered the knowledge level of Indian law as at the present level along with a comparison with GDPR which is the other globally known law.

The future modules envisaged are

Module 2: (Module I+)

More on Indian law when the law is passed into an Act, a DPA is appointed and the DPA issues some basic regulatory guidelines.  This program will be only undertaken after the required developments take place. Hence we need to wait for some time to roll out this module.  (Eventually, Module I and I+ would be merged into one)

Module 3: (Module T)

This module will cover the technology related knowledge essential for an efficient DPO. This will cover the technologies required for compliance and will also discuss the challenges to data protection arising out of the new technologies particularly in the field of AI, Big Data, Encryption etc.

Module 4: (Module B)

This module will cover the behavioural aspects related to an efficient DPO. This will cover interpersonal relationship skills including Leadership, Decision Making, Motivation, Team Building, Counselling, Conflict resolution etc.

Module 5: (Module G):

This module will cover a study of at least 5 international data protection laws including an in-depth study of GDPR and Data Protection Laws applicable to USA along with some other relevant laws such as  Singapore, Australia as well as one optional country. This would be more an extension of the “awareness of law” from the Indian laws covered in Modules I and I+ to the global scenario

Module 6: (Module A)

This module will cover the skill requirements of a “Data Auditor” and follows the modules I, I+,T and B. This will encompass the system audit, information security audit and focus more on the harm audit, the DPIA and the annual data audit requirement under the law.

It is expected that in due course I and I+ will be merged into one and the other modules such as T, B, A and G will remain independent.

FDPPI realizes that the content in each of the individual module is dynamic and would evolve over time. For example a Module T conducted in 2021 would be far more advanced than Module T conducted in 2020. To some extent Module B may not change much. Module G is also dynamic because new laws may come in. The laws of Europe and USA could be a common factor while others could be changed as per the business requirements envisaged. Module A like Module B would also be more or less consistent except for the changes in technology  or law that may required to be factored in.

FDPPI has rolled out this plan of action and Naavi’s Cyber Law College will initially implement many of these modules as if it is an in-house implementation agency of these ideas. The objective is that when the Indian DPA is looking out for professional help for itself in designing the codes and practices and the conscientious industry players are getting ready in advance to be compliant before it is Compulsory, there will be a helping hand nearby with trained DPOs and Data Auditors.

At the same time, FDPPI wants to extend the partnership opportunities to other professional organizations who may have expertise in specific areas suitable for the different modules. They will work on a non exclusive basis to design and implement the training programs under these different modules. Some of the partners could work with regional focus and some could work pan India.

Towards this objective, FDPPI is open to receiving offers of “Training Partnership” with the motto… “Let’s together build Knowledge with Attitude and Commitment”.

Naavi

In pursuance of its objectives to create “Knowledgeable, Skilled, Ethical Data Protection eco system in India”, FDPPI has undertaken in association with Naavi’s Cyber Law College , conduct of a multi level program to develop professionals of the right skill sets.

The program to develop a global level set of professionals who can discharge their responsibilities as “Data Protection Officers” in India has now been set in motion and the first batch of aspirants took the online Certification examination on 23rd February 2020.

These aspirants undertook an online course in December-January conducted by Cyber Law College for creating the first level of awareness of the law as it exists today, namely the Personal Data Protection Bill which is before the Parliament. The students were provided the necessary course material which was also supplemented by the release of the book, “Personal Data Protection Act of India (PDPA 2020)” by Naavi released on 28th January 2020.

This course is considered as Level -I and at least 4 more levels are envisaged from time to time to ensure that these professionals will be trained with whatever is considered essential in terms of legal knowledge, technical knowledge and  behavioural skills.

The legal awareness is being addressed in three modules the first of which was completed now. The second will follow a few months  after the DPA comes into existence. Other three modules are parallel modules one related to International data protection laws, other related to technology and the other related to behavioural skills.

These five modules are offered as independent credit modules that can be completed at different points of time. The current focus is however on module 1.

Interested persons/organizations who would like to associate with FDPPI as training partners for the different modules are welcome to contact the management.

Naavi

The FDPPI presented its comments on the PDPA -Bill both through e-mail and in print through a personal interaction with the Parliamentary Committee.

A link to the copy of the comments would be made available soon.

A supplementary set of comments may be presented if required since the time for submission of the comments has now been extended.

The Personal Data Protection Act 2019 is presently in draft bill form before the Indian Parliament. A joint Parliamentary committee is presently reviewing the draft law and has called for public comments to be submitted by 12th February 2020.

In order to collate the views of FDPPI to be submitted to the committee a discussion was held in Bangalore.

Also Ms Sandhya Khamsera made a presentation on ISO 277001 on the occassion.

Some photographs of the day are given below.

Naavi

The Regional Council of Bangalore was reconstituted in a meeting on 8th February 2020.

The new committee consists of the following members,

1. T P Ashok  (President)
2.  Vasanthika Srinath
3. Deepalakshmi Vadivelan
4. Suresh Balepur
5. P.B. Vishwanath
6. V Nagendra
7. Na.Vijayashankar 

Naavi

FDPPI successfully completed the first course on PDPA which was conducted by Cyber Law College and Naavi, over 12 sessions spread over 6 week ends.  The examination would be conducted in the next two weeks and certificates will be issued from FDPPI.

Cyber Law College was responsible for the training while FDPPI will take care of the certification.

The program which was covered in a total of 18 hours was well received and has been considered as  a certificate titled  “Certified Data Protection Officer” (Level I).

Cyber Law College has already planned further modules of the program which will be rolled out in due course as Level II, Level III, Level IV and Level V.

Level II will be conducted after the regulations come in force. Level III and IV would be covering the Technical and other skill sets that would be required for a DPO. Level V will incorporate a training on other international privacy protection laws.

Following this program plans are being made for offline programs. FDPPI also offers complimentary program for the Directors of any company on the impact of PDPA, which is conceived as a 45 minute interaction. This will be conducted on invitation so that the knowledge of PDPA is spread among the stake holders.

Naavi

Certificate in Personal Data Protection Act (CPDPA) by Cyber Law College

In Association with

Foundation of Data Protection Professionals in India (FDPPI)

 Introduction

This course is meant to introduce the present and upcoming data protection law in India. The course is structured as a 12 session web based course and tentatively covers the following topics.

1. Evolution of Privacy Law in India. (ITA 2000-ITA 2008-Puttaswamy Judgement.etc.)
2. Understanding the Concept of Privacy and its relation with Data Protection
3. Applicability, Exemptions, Transitional Provisions
4. Data Principal’s Rights and Data Protection Obligations
5. Grounds of Processing
6. Transfer of Personal data outside India.
7. DPA and DPO
8. Compliance Obligations
9. Penalties and Offences and Grievance Redressal mechanism
10. Data Protection Challenges under New Technologies
11. Data Governance Framework
12. Interactive discussion

During the course of the discussion provisions of Information Technology Act 2000 (ITA 2000), as well as international data protection laws such as GDPR and CCPA will also be discussed through the focus would be on the Personal Data Protection Act 2018 (Draft law proposed by the Justice Srikrishna Committee).

The Course recognizes that the law is now developing and proposes to provide a free follow up session whenever the final version of the law is passed.

The course will be conducted through online sessions conducted through one of the platforms such as Zoom and connectivity links will be sent to the registered students before the session/s through the registered e-mail.

The First Batch is scheduled to commence from December 7, 2019 with the first session from 11.00 am.

All registered students have been informed over the registered e-mail address about the commencement.

Any person who needs further information may contact Naavi.

Details of Cyber Law College are  available here

Details of FDPPI  are available here

Naavi

It has been announced that the Personal Data Protection Bill will be presented in the Parliament in the next session commencing from 18th November 2019.

While it is the intention of the Government to pass the bill in this session itself, it is certain that detailed discussions will be held both inside the Parliament and in committees.

In order to ensure that these discussions will happen with relevant study of the provisions, FDPPI and Cyber Law College is not only launching its Certificate Course in PDPA in November but also ensure that any changes that may occur in the draft bill is also part of the course.

The Course details of which has already been announced (For updates visit www.cyberlawcollege.com) will commence from December 7th and will be held on week ends between 11.00 am and 12.30 pm for 6 weeks. (Due to unforeseen circumstances, the date of commencement originally meant for November 30 has been postponed by a week. Kindly excuse me for the inconvenience)

All members of FDPPI will get guest invitations from Cyber Law College to attend without the Certification.  Members of FDPPI will also be able to sponsor their friends at concessional fee of Rs 5000/-instead of Rs 7500/-.

FDPPI will also extend this facility to certain partner organizations to a limited extent so that we will create as many number of persons as possible who have studied the Bill and be able to debate it with knowledge.

Naavi

Cyber Law College, which has been conducting Cyber Law related courses since 2000 as well as courses on HIPAA and GDPR, has now started a Web Class based course on Personal Data Protection Act.

This course for “Certificate in PDPA” will consist of 12 live sessions to be conducted by Na.Vijayashankar (Director Cyber Law College) and Chairman FDPPI and cover the following topics.

1. Evolution of Privacy Law in India. (ITA 2000-ITA 2008-Puttaswamy Judgement.Etc.) and
2. Understanding the Concept of Privacy and its relation with Data Protection
3. Applicability, Exemptions, Transitional Provisions
4. Data Principal’s Rights and Data Protection Obligations
5. Grounds of Processing
6. Transfer of Personal data outside India
7. DPA and DPO
8. Compliance Obligations
9. Penalties and Offences and Grievance Redressal mechanism
10. Data Protection Challenges under New Technologies
11. Data Governance Framework
12. Interactive discussion and Review

Each session would be approximately for 90 minutes. It is envisaged that the course will commence in the second half of November 2019 and there would be two classes each week for 6 weeks. Exact schedule of the classes will be announced later.

As an introductory offer, the fees for the course is set at Rs 6000/- only.

A Copy of the prospectus is available here

Existing members of FDPPI can sponsor/refer any participant and such participants would be provided a cashback of Rs 1000/-.

At the end of the course there would be an online test following which the certificates would be issued by FDPPI.

Interested persons may enroll at the earliest by visiting  here

Naavi

Watch the video on the introduction to the program here:

https://www.youtube.com/watch?v=cbwmdwF1YEI&t=123s

Data Governance is getting increased attention now since after the PDPA becoming a law there would be need for further legislation on processing of “Community Data” and “Aggregated Anonymized Data”. This may perhaps be addressed through a new legislation on “Data Governance”. The Government has set up an Expert Committee for this purpose.

More information on these developments are found here:

1. 1. Formation of the Expert Committee
   2. Views of Kris Gopalakrishna…1.. What do they indicate for the Privacy Regulation in India
   3. Views of Kris Gopalakrishna…2.. Leveraging Data for the benefit of individuals
   4. Views of Gopalakrishna …3…on Privacy
   5. Data Productivity vs Data Security
   6. What is Community Privacy? and who has the right of disposal?

There is every indication that “Data Governance Act of India” will sooner or later come into operation. It is good for the Data Protection Professionals to be watchful of these developments.

Data Protection will continue to be an important segment of Data Governance. But it is possible that a new outlook will come to bear on “Data Security” with a lot more liberal outlook than what the data protection professionals would be accustomed to today. The interpretations may move from the GDPR side to the CCPA side, unless the law is clear.

FDPPI will closely watch the developments on Data Governance and as a part of its activities will keep “Data Governance”  on our radar along with “Data Protection”.

In order to initiate the discussions, FDPPI is conducting a webinar on Data Governance on 12th October 2019 at 5.30 pm. Interested persons may contact fdppi.mumbai@fdppi.in for an invitation.

Naavi