Bureau of Indian Standards (BIS) is set to reinvent the wheel

The initiative of DSCI and BIS to work on a framework for compliance under a working group ISO/IEC JTC 1/SC 27/WG 5 – Privacy Protection & Personal Data Governance is a notable development.

It is good that 3 years after the passing of the DPDPA 2023, and also after the Draft Guidelines of BIS on Data Governance, an effort is being initiated to develop a standard for Data Protection.

It is, however, necessary to point out that this work should not end up as a “Reinvention of the Wheel”.

We draw the attention of BIS to the existing framework “DGPSI”, or Data Governance and Protection Standard of India:

  1. It is a framework developed by an organization of professionals, namely FDPPI, which is a Section 8 company, exclusively for the Indian scenario
  2. FDPPI does not carry the vested interests of the Big Tech
  3. The DGPSI Framework is available as a Public Document
  4. The Framework is already under implementation by many auditors
  5. The Framework comes with variations such as
    1. DGPSI Full
    2. DGPSI Lite (For SMEs)
    3. DGPSI-AI (For AI deployers)
    4. DGPSI-HR (For HR systems)
    5. DGPSI-DP (For Data Processors)
    6. DGPSI-GDPR (For GDPR Compliance)

Documents are available in the form of published printed books and on different websites.

These frameworks could be adopted and fine-tuned by BIS into modified frameworks. It is therefore not necessary for BIS to start new work from scratch.

We note that BIS is trying to collaborate with DSCI, an arm of NASSCOM, which is strongly influenced by the Big Tech Companies. It is well known that DSCI had filed a dissent note to the Justice Srikrishna Committee in support of the Big Tech Industry, along with many opposition politicians.

We foresee that the framework development process is likely to be under the influence of the Big Tech and not be independent.

We are sure that BIS would have examined this aspect and it would be interesting to understand the logic of BIS in not considering the upgradation of DGPSI into a BIS framework and opting to go for a different exercise for development from scratch.

Even now, the BIS committee can hit the ground running if it picks up the DGPSI framework as the foundation and works on a new BIS version.

DGPSI has already incorporated the August 2023 draft guidelines released by BIS on Data Governance and Data Protection. It is already at the next level of compliance requirement, addressing the requirement of deployment of AI by Data Fiduciaries and the special requirements of the HR sector and the SME sector. It is ready with a recommended framework for the Data Processors and even for the GDPR network.

Hence it does not seem logical that the DGPSI input is excluded from the work of BIS.

We request that BIS set up a separate committee to study these frameworks and, if found necessary, reject them before they invest in the new working group.

We draw the attention of MeitY and the Standing Committee on IT in the Parliament to take the lead in setting up such a committee, so that a proper logic is built on the need for a new effort at a higher cost rather than modification of the existing frameworks.

DGPSI is a framework made in India for the world, not as a mere slogan, but as a concrete work. FDPPI accepts that the framework can be improved and requests BIS to study the framework and, if possible, adopt it as the BIS-DGPSI framework.

We await the top management of BIS and the Ministry of Consumer Affairs to react to this proposition.

PS: A copy of this note is being forwarded separately to BIS for necessary action.

Refer:

Article on naavi.org:  IS17428 and PDPSI

Draft Guidelines of BIS released in August 2023

FAQ on DGPSI

Posted in Privacy | Leave a comment

AIDAI Launched

The Association of Independent Data Auditors of India (AIDAI) was launched on 11th April 2026 at WoodRose Club, JP Nagar, Bengaluru.

Though the live broadcast on YouTube could not be organized as planned, the rest of the program went on successfully.

During the event, Mr Nagendra Javagal welcomed the audience. Mr Ramesh Venkataraman presented the activities of FDPPI. Naavi introduced the concept of AIDAI. Mr Vijayendra Shenoy, the CEO of AIDAI, shared his plan for the coming years. Mr R Srivatsa proposed the Vote of Thanks.

Representatives from different Audit Communities such as Mr Sudarshan Mandyam, Mr B. Jayachandran, Mr Madhava Murthy, as well as Mr Manish as representative of BSPIN and Dr Prashant Koranne as representative of the Data Audit Community from Mumbai were present during the occasion.

A copy of the book, Wisdom Companion for Champions of DPDPA Compliance, was formally unveiled during the occasion. Some of the guests spoke during the occasion and shared their views.

During the event, the empanelment process was also launched.

AIDAI has started with the ambition of unifying the Auditors scattered across multiple accreditation agencies and organizations onto a single platform. This concept is not natural to the Indian psyche, but an attempt is being made by FDPPI and AIDAI to achieve what is not easy to achieve. I hope this time it is different.

Naavi

Report in Deccan Herald on 12th April 2026:

Guardians of Data Accountability


Launch of AIDAI will usher in a new era in Data Protection in India

FDPPI has been at the forefront of being a “Guardian of Privacy”. The DGPSI framework provided the “Jurisprudential interpretation” of DPDPA 2023 for Data Fiduciaries to work on “Compliance By Design”. During this phase we started creating the skills of a DPO. Many other organizations emulated FDPPI and created their own brands of DPO certifications.

Now the next phase, auditing of the implementation created by these DPOs, has begun. After 13th May 2027, Significant Data Fiduciaries need to mandatorily have an “Independent Data Auditor” in place and will be looking not for DPOs but for Data Auditors.

FDPPI has now taken the necessary big step to create an ecosystem for “Data Auditors” to develop, acquire necessary skills and use the tools already created in the form of DGPSI frameworks.

Tomorrow the new era of “Independent Data Auditors” will begin in India with the launch of the “Association of Independent Data Auditors”.

This profession is a creation of the statute and the word “Independent” signifies that the data auditor must not have any conflict with the Data Fiduciary. They need to also be able to conduct Annual Compliance Audit of DPDPA compliance, DPIA, Audit of algorithms and even report significant observations to the DPB.

They will initially be monitoring the Significant Data Fiduciaries before other wise Data Fiduciaries also decide to err on the safer side with audit from such data auditors as a best practice.

In effect, they will be the eyes and ears of DPB to provide accountability to the compliance efforts.

FDPPI has therefore decided to catalyze the formation of the “Association of Independent Data Auditors of India” or AIDAI and is launching the new entity. Presently it is a division of FDPPI and will be headed by a CEO, supported by a Governance Committee and guided by a cross-industry Advisory Board.

A unique aspect of this AIDAI of FDPPI is that the doors are kept open for different kinds of professionals to be engaged with the organization.

At the Foundation level, any professional, including freshers, is encouraged to join the community as a “Probationary Independent Data Auditor”. They can learn, associate with others and grow to be the future Independent Data Auditors.

Inevitably, FDPPI will have a Cadre of “Certified Independent Data Auditors” since it is already conducting programs for C.DPO.DA. where the traditional DPO certification was already extended to the Data Audit requirements. Now the Certification program will be divided into CEDPO (Certified Elite DPO) and CIDA (Certified Internal Data Auditor). They will be empanelled at AIDAI after a fresh online examination.

The most significant aspect of AIDAI is that it is built on the principle of “Vasudaiva Kutumbakam” or “World is one family”.

The empanelment is therefore open to professionals trained and accredited by other organizations including DSCI or Lead Auditors of ISO family and other similar Data Protection or Information Security oriented organizations and also to other professional organizations like the ICAI, CMA or ICSI.

Such accredited agencies will be empanelled on the basis of validation of credentials.

At this point of time, it is the vision of AIDAI to be a unified platform for all professionals who conduct “Audits” in the all-pervasive medium of “Data” and also to break down the differences, if any, that exist between different professional groups.

We hope all will respond to this new way of thinking…

We invite all to engage with AIDAI and grow together.

Naavi


Impact of DPDPA on CA firms


Council for Digital Safety and Wellbeing

A new organization named Council for Digital Safety and Wellbeing (CDSW) is being established to serve as a national platform for learning, dialogue, and collaboration, supporting institutions, communities and individuals in navigating these challenges responsibly across digital and AI-enabled ecosystems.

The organization is founded by Mr Aditya Vuchi and Dr Anil Rachamalla of Hyderabad.

The vision of this organization is “Powering India’s next digital era with safety, ethics, and wellbeing at its core, including the responsible and human-centric use of Artificial Intelligence.”

CDSW has adopted the following objectives:

  • To educate institutions, organisations and individuals on digital safety, ethics, and wellbeing in an AI-driven world
  • To engage stakeholders in constructive dialogue and collaboration on emerging digital and AI risks
  • To elevate national understanding and leadership for responsible digital practices including safe, ethical, and accountable AI use

Naavi is participating as part of the Advisory group in the formal launch of the organization today at Hyderabad.

Privacy is an integral part of “Digital Wellbeing”, and lack of Cyber Safety leads to identity theft, which is the root cause of most cyber crimes. Securing the “Identity” of an individual by choice is the principle of Privacy, and the Personal Data Protection regime is directly responsible for protection against identity theft and thereby for Digital Wellbeing. FDPPI therefore is a natural partner for this initiative and is happy to support it.

FDPPI’s initiatives of “Privacy Mitra” and “FDPPI Study Centers” directly support creation of Privacy awareness and build a Data Protection culture in the country.

On behalf of myself, Naavi.org and FDPPI, I wish the venture all the success.

Naavi
