DGPSI is the TINA option for DPDPA Compliance….3

Strategy war rooms of companies have been discussing the impact of AI on their business and how they need to leverage the new technologies. In the past they have also discussed how to leverage ISO 27001/27701 certification in the context of Privacy. Now is the time to discuss DPDPA Compliance as the new challenge. It is in this context that DGPSI is emerging as the TINA option for organizations. Yes, "There is No Option" or, more appropriately, "There is No Better Option".

One option before companies is ISO 27001 (2022), which is incomplete and inadequate for DPDPA compliance. Even if ISO 27001 is modified or implemented with ISO 27701, the makeshift combination will not be recognizable as specific to DPDPA compliance.

The next option is to adopt the DSCI Privacy Framework which is constructed to protect the Privacy of Personal Information from unauthorized use, disclosure, modification or misuse.

This is a three-layer framework with Privacy Strategy and Processes at the foundation of the pyramid; Information usage, access, monitoring and Training as the body of the framework; and Personal Information Security at the top of the pyramid. However, this framework was developed before DPDPA and does not focus on DPDPA compliance. It is more generic and needs to be adapted for DPDPA.

On the other hand, the DGPSI framework was developed exclusively for DPDPA compliance, and DGPSI-Lite focuses only on the 36 requirements needed for DPDPA compliance. It is a "Framework for Compliance by design", whereas other privacy frameworks claim to be frameworks for "Privacy by design". "Compliance by design" is inclusive of "Privacy by Design" and "Security by design" and is focussed on mitigating the risk of non-compliance with DPDPA.

The Data Governance and Protection Management System (DGPMS) constructed under the DGPSI framework is an inclusive framework that can be identified as a PIMS for DPDPA and an ISMS for PII (based on the CERT-In CSF framework, which is also compatible with the ISO 27001 framework), and it further adds the Personal Information management aspects enumerated in ITA 2000, the Consumer Protection Act 2019 and the BIS draft standard for Data Protection.

DGPSI is therefore more comprehensive and more goal-specific. The DGPSI-Full version, with 50 implementation specifications, captures the essence of the requirements of these multiple laws and multiple governance frameworks.

In this perspective, DGPSI is not just the better option but the only option for DPDPA Compliance. Hence DGPSI can claim the tag of "TINA option for DPDPA Compliance".

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law education institution. He is now focusing on projects such as Secure Digital India and Cyber Insurance.