One of the notable mentions made by Prime Minister Mr Modi during the Independence Day Speech yesterday was a call for development of Indigenous standards.
This was heartening since FDPPI has been working on the indigenous standard DGPSI (Data Governance and Protection Standard of India) which is meant as a framework for organizations to be compliant with DPDPA 2023.
Currently many organizations and professionals work around available but incompatible frameworks such as ISO 27001 and 27701 and claim that they are able to achieve compliance of DPDPA 2023.
This view arises both from the point that the companies know these frameworks, worked with them and are familiar. The fear of the unknown and “Resistance to Change” prevents them from even considering an alternative solution. Often they find excuse in the fact that their customers ask them if they are ISO 27001 compliant or GDPR Compliant and therefore they have no choice.
Choices can be considered only if there is a conviction that frameworks like ISO 27001 or 27701 were created for different contexts and though they may be best suited for those contexts, they need not be so for he Indian context.
For Example we have repeatedly drawn comparison to Cricket and pointed out that Gavaskar is a legend but today for the T 20 matches he is not the right choice ahead of say Suryakumar Yadav. Mr Neeraj Chopra may be the best Javelin Thrower in India but you cannot ask him to compete in discuss throw or shotput.
Once companies shed their resistance to look at the new frameworks, they need to understand what the framework suggests and arrive at their own conclusions about whether a customized ISO 27701 is a solution for DPDPA 2023 compliance or DGPSI is a better solution.
We must also accept that “Frameworks” are only guidelines and just because we follow a framework it does not mean that we are perfect in compliance. We all know how many companies in India are ISO 27001 compliant and whether they have the necessary security infrastructure. Implementation is therefore extremely important and this comes only with the understanding of the law of DPDPA 2023.
FDPPI in its One day workshops on “Implementation Challenges in DPDPA 2023” of the type being conducted in Navi Mumbai on August 31 and in Mumbai on September 1 addresses these requirements.
We invite all professionals in Mumbai and Pune to take advantage of this program and attend the same.
P.S: Ujvala Consultants Pvt Ltd and Cyber Law College are sponsoring 5 deserving participants in each of the two locations in Mumbai who may be finding the participation fee a hurdle. Contact Naavi immediately if you desire availing this offer since this will be on a First Cum First served basis. These 10 persons will be designated DGPSI ambassadors in Mumbai.
Details of the program are available at : https://fdppi.in/wp/mumbai-on-31-8-and-1-9/
Naavi