Developing the community of Data Auditors

FDPPI welcomes the circular of CERT In to the empanelled auditors recommending the FDPPI’s three day program scheduled to be held at Bengaluru on September 27, 28 and 29 for C.DPO.DA. Certification.

It may be observed that FDPPI’s approach is to develop “Certified Data Protection Officer and Data Auditor” through this program. Most of the training organizations stop at discussing the requirements of a DPO who has the responsibility to guide implementation of “Compliance By Design” in an organization.

However, FDPPI considers that DPDPA envisages a definitive role for independent “Data Auditors” who will conduct periodical (annual) audits of organizations regarding the compliance of the Act. FDPPI believes that this is a statutory recognition for auditors who would be conducting “DPDPA Compliance Audit”.

FDPPI has therefore placed an equal emphasis on “Data Audit” in its C.DPO.DA. program which makes it globally unique. While in future we may split the program into two parts with the “Lead Implementer” and “Lead Auditor” roles being considered separate, at present both these are combined in the C.DPO.DA. program which makes it unique.

Accordingly, the curriculum of the program covers:

a) The legal basis for Data Protection in the form of nuances of DPDPA 2023 along with ITA 2000, CPA 2019 and also international laws such as GDPR.

b) Implementation challenges for “Compliance by Design” with Technical and Organizational controls, including the technical challenges of Data Discovery, Data Classification, Data Storage, Data Access, Consent Management, Management of Rights of Data Principals, Minor’s Data Management, Data Breach Management, Data Retention Management, Data Confidentiality, Integrity and Availability Management, Grievance Redressal Management, Management of Consent Managers, Data Pseudonymization, etc.

c) Governance Challenges related to how the risks can be assessed and managed, including Data Valuation and using Cyber Insurance.

d) Conducting an Audit of how an organization has complied with the DPDPA 2023 requirements in a technical environment, with a focus on evidence gathering and validation.

The real impact of this program on the professionals and the organizations in which they work will be enormous.

FDPPI’s Certification C.DPO.DA. is a crown jewel which would be available only for those who successfully complete the examination.

All persons who attend the program are given one free attempt at the examination. Examination would be online for a duration of 2 hours. If they opt out of the examination, they will get a “Participation Certificate”.

If they appear for the exam and cross the first cut-off point, they will be eligible for the “C.DPO.DA.-L1 (Foundation Level)” Certificate. If they cross the second cut-off point, they will be eligible for the “C.DPO.DA.-L2 (Implementation Level)” Certificate. If they are able to cross the third cut-off point, they will be eligible for the “C.DPO.DA.-L3 (Expert Auditor Level)” Certificate.

Appropriate reading material would be provided both online and offline. Discussions will include lectures and Case study discussions.

It is our desire to make the Program an elevating experience for all the participants.

Look forward to meeting you…

Naavi


Towards Becoming a Data Auditor in India

At present there is a large section of professionals in India with expertise to conduct audits for Information Security and some of them are also engaged as “Auditors of CERT In Empanelled organizations”. The “Auditors of CERT In Empanelled organizations” were expected to be a hybrid type of auditors who were capable of assessing the Information System Controls from the perspective of compliance to the ITA 2000 provisions which was the law of the land. This required a “Techno Legal Understanding” that not all IS auditors could manage successfully.

With the need to now understand DPDPA 2023, the role of Techno Legal Auditors in India has undergone a further change and there is an urgent need to upgrade the expertise of “Technically qualified Information Security Auditors to understand the need to conduct audits with the Legal perspective”.

This transformation from Technical Information Security Audit to Techno Legal DPDPA audit is the need of the day and is being addressed by FDPPI through its C.DPO.DA. (Certified Data Protection Officer and Data Auditor) Course.

In order to expand the reach of this course, FDPPI is conducting a three-day offline program exclusively designed for Information Security experts including “Auditors of CERT In Empanelled organizations”.

The first such program will be held in Bengaluru on 27th, 28th & 29th September 2024.

Venue:

Viveka Auditorium Yuvapatha,

#4, 31st Cross Rd, 4th T Block East, 4th Block, Jayanagar, Bengaluru, Karnataka 560011

Contact: fdppi4privacy@gmail.com

Payment for Registration can be made here:

Kindly note that all participants would be eligible for a Participation Certificate with 18 hours CPE. The participants are also eligible to attend the online examination by October 15 and obtain the full certificate C.DPO.DA.

The normal fee of Rs 10000/- for examination is waived for the participants for one appearance within 15th October 2024. One year individual membership worth Rs 10000/- is also free.

The program would be led by Naavi and would include several case study discussions and practical issues in the implementation of DPDPA Act and upcoming rules.

The program would also discuss the details of India based frameworks such as the Cyber Security Framework of CERT In and BIS standard (draft) for Data Governance and Data Protection. It may be noted that at present there is no other similar program in India with a focus on Indian requirements of data protection, particularly to the depth to which this program goes in.

Appropriate reading material would be provided during the program for the participants, including a copy of the book “Guardians of Privacy…by Naavi”.

This program will further strengthen the approach of FDPPI to develop an indigenous approach to the compliance of DPDPA using DGPSI along with CSF of CERT-In for information security of applicable personal information.

Price with GST

(For the Bengaluru Program only)

Type                                    Discounted Price    GST       Total
Cert In Auditors                        32000/-             5760/-    37760/-
Early Bird (till 15th September 2024)   34000/-             6120/-    40120/-
Full price                              40000/-             7200/-    47200/-

Examination fee and Membership fee discount worth Rs 20000/- available in addition to the above.

The program is designed for “Auditors of CERT In Empanelled organizations” and the capacity is limited to a maximum of 25 participants. A few Auditors who are not “Auditors of CERT In Empanelled organizations” are being accommodated on specific request.

Payment for Registration can be made here:


PM Modi calls for Indigenous Standards… DGPSI is one such in the Data Protection domain

One of the notable mentions made by Prime Minister Mr Modi during the Independence Day Speech yesterday was a call for development of Indigenous standards.

This was heartening since FDPPI has been working on the indigenous standard DGPSI (Data Governance and Protection Standard of India) which is meant as a framework for organizations to be compliant with DPDPA 2023.

Currently many organizations and professionals work around available but incompatible frameworks such as ISO 27001 and 27701 and claim that they are able to achieve compliance of DPDPA 2023.

This view arises because the companies know these frameworks, have worked with them and are familiar with them. The fear of the unknown and “Resistance to Change” prevents them from even considering an alternative solution. Often they find an excuse in the fact that their customers ask them if they are ISO 27001 compliant or GDPR Compliant and therefore they have no choice.

Choices can be considered only if there is a conviction that frameworks like ISO 27001 or 27701 were created for different contexts and though they may be best suited for those contexts, they need not be so for the Indian context.

For example, we have repeatedly drawn a comparison to Cricket and pointed out that Gavaskar is a legend but today for the T20 matches he is not the right choice ahead of, say, Suryakumar Yadav. Mr Neeraj Chopra may be the best Javelin Thrower in India but you cannot ask him to compete in discus throw or shot put.

Once companies shed their resistance to look at the new frameworks, they need to understand what the framework suggests and arrive at their own conclusions about whether a customized ISO 27701 is a solution for DPDPA 2023 compliance or DGPSI is a better solution.

We must also accept that “Frameworks” are only guidelines and just because we follow a framework it does not mean that we are perfect in compliance. We all know how many companies in India are ISO 27001 compliant and whether they have the necessary security infrastructure. Implementation is therefore extremely important and this comes only with the understanding of the law of DPDPA 2023.

FDPPI, in its one-day workshops on “Implementation Challenges in DPDPA 2023” of the type being conducted in Navi Mumbai on August 31 and in Mumbai on September 1, addresses these requirements.

We invite all professionals in Mumbai and Pune to take advantage of this program and attend the same.

Naavi


Comments Submitted to MeitY

Based on the discussions held at the event of July 27 at Bengaluru and taking into account the written comments submitted by participants, FDPPI has collated the views and submitted a report to MeitY.

FDPPI has not yet formed the sector-wise SIGs and formulated the recommendations on a sector basis.

We will await the next version of the rules to be released by MeitY for further action in this regard.

A copy of the report submitted is available in the library link in the menu.


Event on DPDPA Rules on July 27 2024

FDPPI and Naavi thank all the physical and virtual participants of the event held yesterday at Bangalore. Special thanks to the panellists for sharing their valuable views. It was a hybrid event with the physical event happening at Suchitra Auditorium, Bengaluru.

Chief Additional Metropolitan Magistrate Sri C.K. Veeresh Kumar inaugurated the event and shared important suggestions for the effective functioning of the Dispute Resolution Mechanism under DPDPA/ITA 2000. Professor N K Goyal and Mr Rakesh Maheshwari (former Senior Director of MeitY) participated in the inaugural session (virtually).

Sri Rakesh Maheshwari gave a brief overview of the DPDPA Act and the proposed rules.

Naavi anchored the five panel discussions, posing nearly 100 different questions to highlight the concerns related to the implementation of the proposed rules, and the industry experts, a few of whom participated virtually, shared their views. In the process, important insights have been gathered and are being collated.

All the participants have also been requested to present their views on the presently available rules and the suggestions will be collated and submitted to the MeitY.

Naavi


DPDPA Rules: Collating the Industry Voice

Those registered participants who have not received an invitation for the curtain raiser event today may kindly send an email.

Naavi

REGISTER HERE

https://www.iletsolutions.com/fdppi_conference

FDPPI will be conducting day-long deliberations with the industry on July 27 to discuss the DPDPA Rules as published for Public consultation and collate the views for submission to MeitY.

The tentative program is as follows.

Participation is by registration and physical participation is limited. Registration can be made here:

https://www.iletsolutions.com/fdppi_conference

Feedback survey forms will be distributed at the venue to the registered participants and later by email to the online participants. This will be collated for submission to MeitY.

All Registered participants will be provided a full rebate of their delegate fee from the C.DPO.DA. program in the next one month by iLet Solutions and a discount of Rs 499/- by the publishers of the book “Privacy Guardians…”

For more information and Registration

https://www.iletsolutions.com/fdppi_conference
