PDPSI is a Techno Legal Information Security standard developed for meeting the Data protection requirements in the Indian Jurisdiction.
It is modelled on the principle of Three dimensional information security approach involving Technology, Law and behavioural science.
This standard is originated by Naavi, the founder of www.naavi.org who is a pioneer in Cyber Law in India.
The objective of this standard is to focus on the requirements of companies in India which are exposed to the upcoming requirement of compliance of the Personal Data Protection Act of India (PDPA) along with other relevant Privacy and Data Protection laws that are mandatory for an organization operating in India including the current Information Technology Act 2000.
This standard is being developed on the open source principles where the standard is public and implementation is specific. In other words, this standard PDPSI can be adopted by any Data Auditor as a framework. The individual specifications that come as annexure to the standard may be improved upon and customized.
There will be one suggested implementation framework that comes along with the standard which can be used with suitable modifications based on the context by the auditor with an appropriate deviation disclosure.
Data Auditors are free to adopt the main standard without the adopting the suggested implementation specifications as suggested. They may in turn develop their own proprietary methods as a guide.
Auditors who want to develop their own implementation frameworks and publish the same on this site, they are welcome.
If they want to keep it proprietary, we respect their intellectual property right. We would however appreciate if they keep us informed of the existence of such proprietary implementation standards.
In due course, this website may provide a platform for them to reach out interested clients and sell their implementation specifications as a standard within standard.
This standard does not have any Government patronage and is purely a voluntary effort from the user’s perspective. We however shall endeavor to present this to the Data Protection Authority (DPA) as and when the set up emerges.
As a part of the discussions around PDPSI, this site will try to present its views on the various codes and practices that PDPA envisages in due course.
Naavi is also the Chairman of the Foundation of Data Protection Professionals in India (FDPPI) details of which is available at www.fdppi.in.
The PDPSI initiative is at present the initiative of Naavi the individual and does not constitute the views of any of the members of FDPPI or of the organizations that they may be associated with. FDPPI is however free to take its own independent view on the standard and also develop its own endorsed version of the standard or the implementation specifications as it deems fit.