When Personal Data Protection Bill 2019 (PDPB 2019) gets passed in the Parliament, companies will be scrambling to get on to the compliance band wagon.
While there will be many job opportunities for Data Protection Officers (DPO) trained in data protection, there will be many SMEs/MSMEs, who will not be able to hire trained DPOs since there will be a great shortage of qualified persons who are aware of the Indian Data Protection Laws and are capable of converting it into implementation plans for the organization.
Naavi has already started Certification training trying to make people understand the Personal Data Protection Bill 2019 and how it may translate into an Act. With Foundation of Data Protection Professionals in India (FDPPI), a not for profit company, Naavi has already launched a program for “Certified Data Protection Professionals” in two modules namely a module on Indian laws and module on Global laws. Naavi has also released a book which explains the Indian law as it is emerging.
Now Naavi has moved onto the next level of assisting the organizations on how they can go about compliance of the Data Protection Regulations through a framework that guides them through to compliance and prepares them to be certified as follows:
“Certified that ………………………….. (Name of the organization) has satisfactorily implemented policies, procedures and other measures to be considered compliant with the provisions of ………… (Name of the data protection act such as GDPR, PDPA etc) , with a Data Trust Score of …….. (Assessment score) “
Naavi has been discussing the PDPSI (Personal data protection standard of India) over the last two years in this website and other conferences. Now the concept is explained in greater detail in an E Book. This contains the comprehensive standard for compliance of data protection laws which can be implemented by any Personal Data Processing organization by themselves with a reasonable assistance from their in-house information security or privacy aware professionals.
FDPPI which is the Certifying Agency under the standard is shortly conducting “PDPSI Consultant Accreditation Training” to equip data protection professionals to be fully conversant with the provisions of PDPSI and assist organizations that may need their help.
Consultants may also conduct the audit on implementation already done by organizations with or without the help of other consultants and issue Certificates of compliance if the implementation is found satisfactory.
These initiatives help companies to get ready for compliance as soon as the law gets passed.
The E Book above contains the 12 standards and 50 implementation specifications that constitute the standard along with details of the certification system and DTS assessment system. (P.S: The book does not contain templates of policies which are to be developed by consultants based on different implementation contexts).
The framework under PDPSI incorporates the best practices and includes the controls normally suggested under internationally used standards and makes several innovative improvements.
Organizations interested in using the PDPSI framework may contact Naavi through e-mail.
(P.S: Kindly note that this is an imitative of Naavi and FDPPI and does not have prior consultation with or accreditation from any Government agency. After the Personal Data Protection Act comes into being, the Data Protection Authority is expected to publish norms for certification separately and this certification is expected to prepare the organization for the formal certification system that may be introduced by the Data Protection Authority in due course… Naavi)