DGPSI as a framework targets the compliance to DPDPA. It can be used by Data Auditors to audit the compliance of an organization and certify them for adequate compliance. DGPSI can also be used to make an assessment of the compliance maturity through the Data Trust Score or DTS which can be used for monitoring the compliance and build an assurance for the Data Principals.
At the same time, DGPSI also has another use for those who build Privacy Compliance technical tools such as those for “Data Discovery”, “Data Classification”, “Consent Management” etc. This is for creating “DPDPA Compliance Software Tools” for compliance.
Since DGPSI is a reflection of DPDPA, DPDPA Compliance in a technology situation is better addressed by DGPSI Compliance.
Hence Privacy Enhancement Tool (PET) developers can target DGPSI Compliance to be built into their tools and thereby become DPDPA Compliance. Such tools can also be audited by DGPSI auditors and certified as “DGPSI Compliant”. They can even be assigned DTS scores to indicate the level of assurance.
Naavi invites technologists to come forward and tweak their current tools to meet the DPDPA compliance through being DGPSI Compliance through appropriate DGPSI Consultants and obtain a DTS Score for their tools.
The Data Auditors of FDPPI are being trained to make such assessments and provide assurance certificates for tools with a DTS score which fairly represents the ability of the tool user to meet compliance of DPDPA while he processes personal data using the tool.
This is a unique process and will take time to develop. The Data Auditors need to be specially trained for this purpose. But a beginning has been made and this should usher in a new era in PET development in India.
Need for Incentivisation
During the early days of HITECH Act implementation in USA, there was an incentive scheme by the US Government to promote use of HIPAA Compliant technology by the Health Care industry. This included a system for certification of “HIPAA Compliant Software” the use of which would make a covered entity eligible for subsidy. A total of $17.2 billion was distributed under this scheme over 5 years from 2009-2014 and is believed to have contributed significantly to the adoption of technology by the health care professionals. This was more relevant for individual doctors and small pharmacies where the lack of funds could have delayed the adoption of compliance technology.
It is time for India to consider a similar system to promote use of DPDPA Compliant technology and introduce some incentives to the Data Fiduciaries particularly in MSME sector to promote use of “DPDPA Compliant Software systems” for processing personal data.
It is our desire that before the Government can introduce a system for such purpose, we have a system of evaluation of software to be certified for DPDPA Compliance. Once such a scheme is introduced, there will be many players who would introduce their own DPDPA Compliance systems and promote them with aggressive marketing efforts. Naavi and FDPPI would however endeavour to make “DGPSI Compliance” as the hall mark that should have its unique value.
In the upcoming training for Data Auditors in Mumbai scheduled for January 24, 25 and 26, this aspect would be discussed in greater detail. Before that training, this may also be discussed in the IDPS 2024 on November 30 and December 1 at Bangalore. Watch out for details for both programs in FDPPI website. (www.fdppi.in)
Naavi
