PDPSI, or Personal Data Protection Standard of India, is the most appropriate framework for compliance with data protection laws, not only in India but elsewhere. It can be used not only for compliance with Indian data protection laws (ITA 2000 extended under the Due Diligence concept to DPDPB2022) but also for GDPR compliance.
Current frameworks for compliance are inadequate to handle the requirements of PDPSI, since PDPSI is broader than other frameworks such as ISO27701. Though organizations may, out of ignorance, still prefer frameworks developed for other jurisdictions, the time has come for innovative DPOs of India to look at the potential of PDPSI for GDPR compliance.
GDPR is the omnibus law that applies to 27 different countries and 3 more by virtue of EEA treaties. When we consider GDPR we often look at critical aspects like “Applicability”, “Need for DPIA”, “Need for DPO designation”, “Legal Bases”, “Data protection Principles”, “Rights”, “Penalties”, “Cross border data transfer”, “Exemptions and Derogations” etc.
In many of these aspects individual member states have made their own modifications. For compliance purposes it is important to take note of such modifications and ensure that compliance is fine-tuned to the requirements of the specific country to which the law applies.
The PDPSI requirement to classify data based on jurisdiction is therefore a critical parameter of compliance, making it the best framework for GDPR compliance.
Discovering personal data, tagging it with the relevant jurisdiction and segregating its storage remains a technical challenge, since sufficient work does not seem to have been done in this regard by tool-developing companies.
Naavi looks forward to getting information from software developers who have solutions for data discovery and classification, to identify the best tools that satisfy the requirements of the PDPSI framework.
Naavi