FDPPI Innovation Center

In an effort to encourage its members to develop products and services in Privacy and Data Protection and generate IP in the domain, FDPPI is setting up a Center of Excellence and provide mentoring guidance leading to development of innovative products.

Where necessary experts associated with FDPPI will provide guidance and assistance in filing Patents so that over a period valuable IP may be developed in the domain.

Watch out for more details in this regard.

Naavi

Posted in Uncategorized | Leave a comment

DPDPA 2023 and DGPSI discussed with CIOs, Pune

FDPPI conducted a one day workshop on DPDPA 2023 and DGPSI with the CIOKlub, Pune on 6th January 2024.

During the day a very fruitful discussion was held with nearly 50 senior CIOs from different companies in Pune.

CIOKlub is presently working on conducting similar programs at other chapters of the organization during the next 3-4 months.

Posted in Uncategorized | Leave a comment

2024 would be the Year of DPDPA 2023 compliance

FDPPI would like to celebrate 2024 as the year of DPDPA 2023 compliance. After a long wait, the act has come into existence. Irrespective of the debate on its adequacy, FDPPI would like to dedicate the year 2024 for DPDPA 2023 compliance with as many activities as possible for spreading the knowledge of DPDPA 2023 across the professional world.

Watch out for more announcements in this regard.

Posted in Uncategorized | Leave a comment

The Day After IDPS 2023

FDPPI successfully completed the two day physical conference IDPS 2023 on te theme of Privacy Challenges from the emerging technologies such as AI, Metaverse. Quantum Computing and Blockchain based crypto currencies as well as Neuroscience also found some reference in the discussions. The DPDPA 2023, the upcoming DIA and the GDPR also was discussed to a brief extent.

One of the key thrusts was how to be compliant with DPDPA 2023 and the answer was provided in the form of DGPSI or Digital Governance and Protection Standard of India. Naavi not only pressed that DGPSI is the only framework at present for DPDPA 2023 and it incorporates the requirements of ITA 2000, BIS standard (draft released on August 10 2023) embracing the principles of ISO 27701 to the extent necessary.

Naavi gave a call to all ISO auditors to add DGPSI audit to their portfolio with a Six hour training on DGPSI and taking an examination for C.DPO.DA. which incidentally includes knowledge of DPDPA 2023, GDPR, US data protection laws and Singapore PDPA.

The exclusive program will be held in the month of December or early january once the Government notifies the DPB and initial rules.

Shortly Naavi will release his new book on DPDPA 2023 and DGPSI which will cover the DPDPA 2023 and DGPSI. Material on GDPR and other global laws will be available as a supplement to the book and together would form the basic reading material.

While training partners of FDPPI will continue to provide their virtual and physical trainings, current ISO auditors who have certifications as lead auditors of ISO 27001 with or without ISO 27701 experience as well as current CIPP certified persons can appear for the C.DPO.DA.exam directly. The passing of C.DPO.DA. would however require the knowledge of DPDPA 2023 and DGPSI. The attendance of DGPSI element of training would be mandatory while the other trainings are optional.

The pricing of FDPPI programs have been revised accordingly. Once the next exam date is announced, those persons who attended the last training program on Module A will be allowed to take the exam with whatever fees had been prescribed earlier. The new prices will be applied from 1st December 2023.

With this FDPPI will try to be focussing on examination and certification while the training partners will focus on training. While Cyber Law College will continue to be one of the training partners, other training partners who can conduct classes on Module I and Module G are welcome to register as Supporting Members/Training Partners and conduct training programs on a franchise model. In particular we are looking for individuals and organizations who can conduct physical programs at different locations in India or abroad. Details can be obtained from FDPPI.

Posted in Uncategorized | Leave a comment

Sab Ka Sath, Sab Ka Vikas

FDPPI has been in the forefront of empowerment of Professionals and Organizations for Personal Data Protection in India.

During the five years since its inception, FDPPI has introduced India specific Certification Program for Data Protection Professionals and today if any person is aspiring to be a DPO or undertake the profession of a Data Auditor, the clear destination is FDPPI.

Similarly if any organization is looking for a framework for compliance of DPDPA and Indian Data Protection Regime, the clear and only choice is DGPSI or Data Governance and Protection Standard of India.

While FDPPI’s C.DPO.DA. Certification program is the preferred choice for professionals over every other certification program on the basis of content and DGPSI based audit and assessment is the only choice for organizations for Certification for DPDPA compliance, FDPPI would like to be an organization that takes along all organizations and professionals with similar objectives to come together as a “Federation of Data Protection Professionals” in India.

FDPPI therefore has introduced a “Cross Certification Program” to recognize the efforts and investments made by professionals in acquiring qualifications like CIPP or CDPSE Certification and provide them an exemption from part of the training of C.DPO.DA. Though these programs only focussed on GDPR and not on DPDPA, considering the general training they have received in Privacy, we would provide them a short cut to completion of C.DPO.DA.

Currently auditors certified as “Lead Auditors” of ISO 27001 or ISO 27701 or PCI DSS, undergo intense training in audit aspects but not necessarily in any law since these audits are purely technical in nature and not Techno Legal in nature. However, considering their exposure to the industry, Accredited ISO lead auditors will be provided an accelerated path to becoming C.DPO.DA. auditor.

This is an attempt to follow the principle of “Sab Ka Sath-Sab Ka Vishwas” .

The accelerated path to C.DPO.DA. works as under.

Currently C.DPO.DA consists of three parts namely Module I, Module G and Module A.

Module I covers DPDPA and ITA 2000 (DIA when available)

Module G covers GDPR, US Data Protection laws, Singapore/DIFC laws

Module A is sub divided into two parts namely the first part consisting of essence of Audit Principles, ISO 27001 and ISO 27701 and second part which consists of DGPSI framework.

In what is proposed, professionals with current active certifications from IAPP and ISACA can directly take up Module A (both Part 1 and part 2 required). The Accredited ISO auditors can directly take Part 2 of Module A.

All professionals need to take the online examination for C.DPO.DA and pass through in one or more attempts. They can opt to take the training if required at any point of time though video streaming.

The Cost of the these accelerated programs from 1st November will be as follows:

Module A: Both Part 1 and Part 2: Rs 24000/- Plus GST of 18%

Module A-Part 2 only: Rs 12000/- plus GST

Examination fee: Rs 10000/- for first attempt and Rs 5000/- for second and subsequent attempts (plus GST)

Next Program for Module A will commence on October 28,29 and November 3/4

Naavi

Posted in Uncategorized | Leave a comment

FDPPI introduces “Cross Certification”

FDPPI has been a leading Data Privacy Certification agency in India. It’s flagship Certification program C.DPO.DA is a specially constructed Certification program for professionals engaged as “DPO” in Indian Companies or propose to be “Data Auditors” as envisaged under DPDPA 2023.

Indian Companies are exposed to both Indian data protection laws as well as laws of other countries if they are collecting and processing significant amount of data from outside India. Hence they need to be compliant with multiple data protection laws.

Further, FDPPI has structured a Compliance Framework namely Data Governance and Protection Standard of India (DGPSI) which is a Certifiable framework that can be used as an implementation guideline for “DPDPA Compliance By Design” and also for third party certification from accredited FDPPI auditors and further for Compliance maturity assessment through the system of DTS (Data Trust Score).

The C.DPO.DA, program therefore has three modules namely Module-I (Indian data protection laws), Module-G (Global Data Protection Laws) and Module-A (Audit requirements).

Module I covers DPDPA 2023 and ITA 2000 from the perspective of Personal Data protection and management as required under these laws.

Module G covers GDPR, US Data Protection laws such as HIPAA, CPRA and Singapore PDPA 2012 to provide a flavour of how international data protection laws impact an Indian company.

Module A covers the audit requirements for compliance of DPDPA 2023, relevant aspects of ITA 2000, ISO 27001, ISO 27701 and a detailed discussion of DGPSI as a audit framework.

It is the philosophy of FDPPI to make Compliance less complex and less burdensome to the organizations. Over a period the Certification industry both for individual professionals and organizations have grown into a maze of multiple certifications increasing the cost of Compliance and complexity of certification.

Typically today even in the Information/Data Security domain only, an organization goes through ISO 27001, ISO 27701, PCI DSS, SOC 2 etc. Similarly an individual professional undergoes multiple Certifications like CIPP-E,CIPP-US, CDPSE etc. Professionals and organizations also incur additional expenditure on maintenance of such certifications.

Despite the huge expenses none of these Certifications address the issue of Indian DPDPA compliance either in terms of building the knowledge at professional levels or in compliance by organizations.

All these increase the cost of professional qualifications, increases expectations of salary and increase in the cost of administration of compliance by organizations. SMEs/MSMEs will not be able to meet these costs and therefore may be forced to end up compromising information security.

FDPPI which is committed to societal benefits has therefore come up voluntarily to provide recognition of earlier certification by Professionals and allow them to become C.DPO.DA

Recognizing the historical fact that some organizations have already been present in the certification under global laws, FDPPI has decided to voluntarily offer a “Cross Certification” system to recognize the Certification already undergone by different professionals.

Accordingly, FDPPI will offer exemption from Module G to all those professionals who wants to take up C.DPO.DA examination for those who hold CIPP certifications from IAPP provided they provide the necessary proof of completion.

Similarly, for those who are qualified as Lead Auditors under ISO 27001/27701 programs, a direct entry to the last part of Module A on DGPSI would suffice to take the C.DPO.DA examination.

However passing the exam would be mandatory for certification.

This will ensure that the investments made by professionals in such programs will not go waste as they become C.DPO.DA. certificate holders.

Watch out out for more information on this …

Posted in Uncategorized | Leave a comment

Jago Regulators Jago: Event on October 17, 2023

Commemorating of October 17 every year as the day on which Indian Digital Society was born since the legal recognition of electronic document was first provided in India through ITA 2000 which was notified on October 17, 2000, has been a practice of Naavi for last two decades.

Last year we had a great virtual event under FDPPI banner. This year we had Manipal Law School (MLS) also join in the activity. I was doubly happy since even KLE Society with which I had conducted many such events in the past also was present on the occasion,.

The event was titled as “Jago Regulators Jago” recognizing that the “Awareness” programs which we are conducting for several years now to say that “Public need to be aware of Cyber Risks”, need to be elevated to an awareness of the regulators.

By regulators in the context of Cyber Crimes, we include Police, the Adjudicators under ITA 2000, the MeitY, MHA and the CERT IN.

The event saw the participation of Dr Triveni Singh along with a battery of professionals from industry, academia. Several advocates also participated in the half day conference held at MLS campus, Yelahanka, Bengaluru and also webcast in real time. Mr Balu Swaminathan, President of Cyber Society of India, Chennai who was associated with Naavi on several Cyber Crime investigations in Chennai was a special guest on the occasion. Dr Gulshan Rai could not join due to urgent alternate commitments.

Some very good suggestions have come forth during the event which will be added to this first report of the event.

The video of the event is available below.

Some of the photographs marking the attention are here

Naavi

Posted in Uncategorized | Leave a comment

Upcoming Trainings

FDPPI has the following ongoing training programs at present.

  1. Certified Data Protection Professional-Module India (CDPP-I)
  2. Certified Data Protection Professional-Module Global (CDPP-G)
  3. Certified Data Protection Proessional-Module Audit (CDPP-A)

All the three modules together will lead to C.DPO.DA which stands for Certified Data Protection Officer and Data Auditor

CDPP-I and CDPP-G are currently available on recorded Video mode supported by mentor assisted discussion sessions.

CDPP-A new virtual batch is commencing as week end course on October 18, 29 and November 3, 4, for 3 hours each starting from 2.30 pm to 5.30 pm.

Within the module A, on November 3 and 4, the sessions will cover DGPSI, the Digital Governance and Protection Standard of India and essential for conducting Data Audit under this framework.

Module A first part on October 28 and 29 will cover general aspects of Audit and ISO 27701.

The courses are offered individually or in combination to suit the needs of different persons.

Online examination would be required to complete C.DPO.DA certification.

All participants will get Course completion certificate and reading material.

Every module comes with complimentary basic membership of FDPPI and registration in the Indian National Register of Data Protection Professionals, together worth Rs 9000/- . This is for the first course undertaken by the professional.

Separately, Module I, G and A are priced at Rs 15000, 18000 and Rs 24000/- (All prices are inclusive of GST)

Different combinations such as Module I+A or G+A or I+G or I+G+ A are offered along with the last Six hours of Module A as “Lead Auditor Program for DGPSI”. The pricing for these different combinations are as follows.

Module I+G: Rs 30000/-

Module I+A: Rs 33000/-

Module G+A: Rs 36000/-

Module I+G+A:Rs 45000/-

Module A-DGPSI:R 12000/-

There is a single registration form as given below for all the modules. Make payment of the appropriate amount and indicate which modules are chosen.

Application for Enrollment for Certification Program

P.S: Training is offered by Cyber Law College (Ujvala Consultants Pvt Ltd) as Training Partner

Registration for Certification Modules

For more details, contact FDPPI over email. over fdppi@ fdppi.in

Kindly note that the sessions of the training program will be recorded

Posted in Uncategorized | Leave a comment

Some Responses from Students of C.DPO.DA

Recently we concluded the first post DPDPA 2023 certification program. Following are some of the responses received.

“The course was practice centric and application oriented.”

“I felt the questions were set in such a way that how someone would approach situations practically.”

“Overall good experience.”

“Overall the questions were more relativistic and based on application and overall understanding of our concept”

“You made the exam tougher than IAPP 😄”

“The overall experience of the examination was great! The pattern and questions in itself were very practical in nature and helped us apply our learning’s . Very exciting and enticing format. At the end there a certain level of satisfaction for the time and effort invested by FDPPI and us as students. .”

Posted in Uncategorized | Leave a comment

Five Year Journey of FDPPI

On 17th September 2018, Foundation of Data Protection Professionals in India (FDPPI) obtained its Certificate of Incorporation. It must be considered as a day of great significance to the Privacy and Data Protection industry in India since this organization was an organization of the Professionals, By the Professionals and for the Industry.

It may be considered that GDPR which became effective from 25th may 2018 and caused a big flutter in the Indian industry with the fear of extra territorial jurisdiction was the driving force behind the formation of FDPPI.

By January 2018, India had started working on its own Data Protection Law and on January 13th, the Justice BN Krishna Committee held a public consultation in Bangalore

Naavi started a campaign for building awareness about GDPR and its impact on India highlighting “Today is GDPR Day…Love it or hate it, you cannot ignore it”. Additionally Cyber Law College in June 2018 started a course on GDPR on the Apnacourse.com platform (Presently not available) and called for “Tame the Monster of GDPR”.

By June 21, 2018, Cyber Law College introduced an integrated examination combining the then existing Certified Cyber Law Professional, Certified HIPAA Aware professional and Certified GDPR Aware Professional and called it as “Certified Indian Data Protection Professional”.

By July, a draft of the Bill proposed by B N Srikrishna Committee became available and discussions shifted to the proposed Indian law.

In this background FDPPI was contemplated and with the encouragement of many of the industry friends it was decided to start FDPPI as a Section 8 company. Mr Nagendra Javagal came forward to be the other Promoter Director as FDPPI filed its MOA and got its Certificate of Incorporation.

On December 7, the first batch of Certification Course in PDPA (CPDPA) was started and an era of Indigenous Certification for Privacy was started. Since at that time IAPP nor DSCI did not have a similar course on Indian data protection law, FDPPI became a pioneer in Privacy Education in India in collaboration with Cyber Law College.

By Data Privacy Day 2020 (January 2020), Naavi’s E Book on Personal Data Act was published and became the first such book in India.

By June 29, FDPPI introduced Module G of its certification program covering GDPR and other global laws.

While India struggled with Covid and JPC struggled with PDPB 2019, FDPPI continued to upgrade its programs from PDPB 2018 to PDPB 2019.

In November 2020, FDPPI embarked on IDPS as its flagship program on Data Privacy which has since seen IDPS 2021 and IDPS 2022.

In December 2020, FDPPI introduced the Module A training program based on PDPSI and DTS assessment completing the DPO training loop from Module I, G and A.

In January 2021, the Data Protection Journal of India (DPJI) was started though it remains under suspension after July 2022.

As JPC presented the new version DPA 2021, FDPPI upgraded its certification program and kept in tune with the developments.

Finally when DPA 2021 was withdrawn, there was a sudden lull in the market but we went ahead with discussions on “Shape of things to come” and held IDPS 2022 under this theme.

Now as we prepare for IDPS 2023, the Government has passed DPDPA 2023 and FDPPI Certification programs have been upgraded once again to DPDPA 2023. The first batch of Certified DPO and Data Auditors under the new DPDPA 2023 passed out today .

FDPPI has now embarked on another global mission of developing the PDPSI framework into DGPSI framework (Data Governance and Protection Standard of India) incorporating the recommendations of BIS on Data Privacy in its Data Governance Standard.

FDPPI has also recently introduced the Indian National Register of Data Protection Professionals to create a recognition for trained professionals. This is intended to be supported by the FDPC (Federation of Data Protection Professionals in India as a service exchange platform). FDPC and DDMAP (Data Disputes Mediation and Arbitration Platform) are two platforms creating professional engagement opportunities for trained professionals from FDPPI.

Thus FDPPI has moved in 5 years to a pole position in the industry. Its weekly Jnaana vardhini sessions are a great resource for continued education and the Unique DDMAP (Data Disputes Mediation and Arbitration Platform ) is ready to provide support to the industry with another first for the country.

Towards this end of the 5th year we had the privilege of honouring Sri K S Puttaswamy (Retd Justice) as Privacy Pitamaha, etching the name of FDPPI in the history of Data Privacy in India.

Future appears bright, with nearly 400 associates who are together promoting FDPPI as members and supporters.

Presently FDPPI can boldly state that with its own Certification Program and Certifiable Framework for Audit and Assessment of Data Protection Compliance for DPDPA 2023, ITA 2000 and BIS data governance standard, FDPPI has firmly entrenched itself as the leader of Data Privacy in India.

I thought it was time to reflect on the past as we look forward to the future with optimism.

Naavi

Posted in Uncategorized | Leave a comment