Naavi.org

Despite the delay in the release of the DPDPA Rules for reasons which are not presently known to public, it is expected that sooner or later the rules will be released after the risk of Bihar elections and the possibility of a quick stay on the implementation of the Act by Supreme Court which is being speculated, is behind  us.

As a proactive measure Naavi/FDPPI is forming a Special Interest  Group on DPDPA Rules to study the rules when released, identify pain points for different sectors and provide a feedback to MeitY/DPB.

The SIG will be formed out of the persons who attend the C.DPO.DA. program in Mumbai on November 1 and 2 who will be the most recent trainees of  FDPPI on relevant issues.

This SIG will submit a report  asap  on the rules as notified and will continue to monitor the public views for  some time to enable the industry to absorb the impact of the rules and build it into compliance.

Naavi

Keeping in tune with the developments in the DPDPA 2023 scenario, the course on  Nov 1 and 2 to be conducted will cover the challenges of DPDPA Compliance in the AI driven technology environment.

Simultaneously we presume the new Rules will be notified by the Government. If the release of the rules is delayed, we will provide a free online session on the rules separately to all the participants.

The curriculum currently planned is

1. Legal nuances of DPDPA and the DPDPA  Rules
2. Classification of DPDPA protected Data (DPD)
3. ROPA as a strategic tool of Compliance
4. Governance  Structuring for meeting the obligations under DPDPA by a Data Fiduciary
5. Technical challenges of Management of Legal Basis for processing and Rights of Data  Principal
6. AI and its challenges in meeting the obligations
7. The Roles of DPO and Data Auditor in the DPDPA era
8. Use of DGPSI as a Compliance Management framework
9. Discussions and case studies

Within the time available, it is proposed that the focus would be on implementation challenges through examples.

To enable all to be equally aware of the basics of DPDPA 2023 as a law, advance video material may be provided to all the participants on the previous day (October 31).

All participants would also be provided a free one year Basic membership of FDPPI worth  Rs 6000/- so that they can be in touch with further developments.

The Early Bird Discount has closed. However  for registrations of groups of 3 or more, we may provide additional discounts. Kindly register immediately if interested.

We specially welcome some participants who are travelling from Delhi and Kolkata for their commitment to  learn. We hope too provide them complimentary membership for 3 years instead of  one year.

The examination will be available only after 1st December. The examination is online, Open book, Multiple choice question and can be taken at the convenience  of the  participants till end December 2025.

Please let us know if there are any other doubt. Naavi will clarify.

Naavi

Yesterday,  a virtual International seminar was conducted by DY Patil Law College Pune, Maharashtra in collaboration with Ram-Krishna Law firm, Chikodi, Karnataka. The theme  of the seminar was “Artificial Intelligence and Rule of Law, Challenges of Accountability, Transparency and Fairness”

During the conference several speakers discussed the emerging developments related to the Judiciary and the use of AI in drafting pleadings, Arbitrations, and even Judgements including automated settlements.

In the light of these developments discussions veered around the future.

Naavi delivering the Valedictory address  acknowledged the role of AI in reducing pendency of cases in Courts but highlighted that  until “Hallucination Free AI” is developed, it would be difficult to avoid fake and incorrect judgements.

Naavi also highlighted that there is a school of thought that AI has to be recognized as a juridical entity  and the  recent  developments such as the Albanian Government  appointing a Chat Bot as a  Minister indicate that developments may be getting out of hand before regulations  come in.

Naavi also highlighted that India opting to go for soft legislation in the form of voluntary guidelines is not  effective and we need a full fledged law with appropriate deterrents and a regulatory body.

Naavi

The increasing importance of Privacy and Personal Information Management system (PIMS) has prompted ISO to release a dedicated certifiable standard ISO27701:2025 in replacement of the ISO27701:2019 which was an extension of ISO 27001.

ISO 27701:2025 introduces a dedicated PIMS-specific management system framework with clauses 4-10 defining the structure, moving away from the previous dependency on ISO 27001’s framework. The standard maintains the traditional Plan-Do-Check-Act (PDCA) cycle structure but now provides specific guidance for privacy management systems. This restructuring includes context of organization, leadership, planning, support, operation, performance evaluation, and improvement sections tailored for privacy management.

The 2025 version consolidates the previously separate annexes for PII controllers and processors into a single Annex A, simplifying compliance and implementation processes. A new Annex B has been introduced, providing detailed implementation guidance with practical steps for organizations setting up their privacy management framework. This enhancement addresses the limited guidance available in the previous version and offers clearer instructions for practical implementation.

Annex A has been reorganized into distinct controls for PII Controllers (31), PII Processors (18), and shared security controls (29). This clarifies roles and responsibilities.

ISO 27701:2025 encompasses 184 privacy controls organized into five main categories: security management, information security incident management, information security controls, business continuity management, and information security risk management. The standard helps organizations manage personally identifiable information (PII) effectively, whether they act as PII controllers or processors.

The standard provides a jurisdiction-neutral framework that aligns with major privacy regulations including GDPR, making it an effective tool for demonstrating compliance across multiple jurisdictions. It includes specific mappings to GDPR and other international privacy frameworks, helping organizations navigate complex regulatory landscapes while maintaining a single, coherent privacy management approach.

DPDPA 2023 which is being notified shortly introduces opportunities for two new professions in India. First is the DPOs and Second is the Data Auditors.

DPOs will be responsible for implementation and maintenance of DPDPA  Compliance within an organization and will be employees.

Data Auditors would be responsible for conducting annual Data Audits and DPIAs  and will be independent consultants. They will not be the same as Statutory financial auditors nor they will be the ISO 27001 or PCI DSS auditors who are around.

While Naavi is developing with FDPPI, necessary Training and Certification for building necessary skills   for further interaction of those who are already qualified either with FDPPI or with other Certification bodies such as DSCI, a group has been created on Arattai platform. This group should not only enable exchange of professional thoughts but also emerge as a group for representing the interests of the community with the Government.

I invite all interested persons to  join the groups here with this link:

DPO Group on Arattai

Data Auditor Group on Arattai

The objective of the two groups are slightly different. While the DPOs do internal data audits, they are employees of an organization. The Data Auditors on the other hand are entrepreneurial in nature and consultants  by profession.

Considering that “Aspiring DPOs” and “Aspiring Data Auditors” also would like to join the group for their self development, we shall keep  the groups open to all and not have any restrictive entry criteria.

I request interested persons to join and also bring in their current community members.

If we can build a single large community, we should be able to develop into a strong force to ensure that the professional interests of these groups are well nurtured.

Naavi

In anticipation of the release of the rules within this weekend as hinted by the secretary of MeitY a two day physical training program is being contemplated in Mumbai on November 1 and 2. The program will be from 10.00 am to 5.00 pm and held in a hotel in Andheri.

Venue:

IRA by Orchid : IRA By Orchid Mumbai – T2 International Airport (Formerly VITS Mumbai ) Metro Station, Andheri – Kurla Rd, near Chakala, Bhim Nagar, Andheri East, Mumbai, Maharashtra 400059.

The coverage would be

1. Legal nuances of DPDPA and the DPDPA  Rules
2. Classification of DPDPA protected Data (DPD)
3. ROPA as a strategic tool of Compliance
4. Governance  Structuring for meeting the obligations under DPDPA by a Data Fiduciary
5. Technical challenges of Management of Legal Basis for processing and Rights of Data  Principal
6. AI and its challenges in meeting the obligations
7. The Roles of DPO and Data Auditor in the DPDPA era
8. Use of DGPSI as a Compliance Management framework
9. Discussions and case studies

The training would be priced at Rs 15000/- plus GST. (Total Rs 17700/-)Participants would be provided with participation certificates and 12 hours of CPE.

Registration for examination for Certification would be optional.  The fees for examination would be Rs 10000/- plus GST (Total R 11800/-)

The total fees for those who register together would be Rs 25000/-. plus GST. (Total Rs 29,500/-)

An early bird discount is provided for registration upto 15th October 2025

1. Early bird discount for training Rs 3000/- Net fees Rs 12000/- (Rs 14160/0)
2. Early Bird discount for Examination: Rs 2000/-. Net fees Rs 8000/- (Rs 9440/-)

Net price of  the training with certification exam with early bird discount is Rs 20,000/-. (Rs 23,600/-)

The delegate fee will cover breakfast, Lunch and two Tea with snacks.

The registration will be limited to a maximum of 25.  

The program is available offline only. It may be recorded and used for virtual sessions later but concurrent virtual broadcast may not be feasible. Outstation attendees have to make their own arrangements for stay either in the same hotel or otherwise.

The three books namely “Guardians of Privacy…”, “DGPSI, he Perfect  prescription…” and ” Taming the twin risks of DPDPA and AI with DGPSI-AI” would be the reading material. The kindle versions of all three are now available and are recommended for purchase for preparation for the exam which will be open for the batch after November 20th.

Naavi

PS: In the unlikely event of the DPDPA rules not being notified, a free Virtual session would be conducted subsequently to all the participants.

Naavi

PS: In the unlikely event of the DPDPA rules not being notified, a free Virtual session would be conducted subsequently to all the participants.

Registration Process :Please visit here