PDPSI is a unique framework for Personal Data Protection as per prevailing data protection laws.
Its 50 implementation specifications cover the data compliance requirements under multiple data protection laws and is more than what other best practice standards such as ISO 27701 tries to accomplish.
Some of the PDPSI model implementation specifications try to put certain best practices hither to not being part of such frameworks into the radar of the organization. Details of these are already available in the PDPSI handbook.
There are three other innovations that PDPSI has introduced and FDPPI has adopted in order to further improve the assurance of the PDPSI audits in the industry environment.
First is to register the audit with FDPPI along with the DTS computation worksheet so that FDPPI is aware of the PDPSI certifications that are in the market.
Second is getting a feedback on the auditee including a permission if agreeable for disclosure of DTS.
Additionally, it is observed that after completion of an audit and its certification, the auditee often neglects to maintain the required data security discipline resulting in data breaches. At that time a question will be asked on whether the organization was audited, and if so whether the audit was deficient etc.
In order to make PDPSI audits more reliable, FDPPI will therefore introduce a system whereby the auditee will be required to send a quarterly report to FDPPI in which it will share any major incidents during the period and major changes in the business profile.
It is quite possible that the organizations may not send such reports in which case the responsibility of FDPPI would be reduced. If the organization considers it useful they may use this opportunity. In a way this will be like AMC service on the audit already completed.
FDPPI may charge a fee for such Audit AMC as it may deem fit.
Hopefully this would at least keep the need to be vigilant even after the audit certification will be ingrained in the auditee organization and this by itself be good for the auditee organization.
The details of the kind of reporting to be done etc are being finalized.