DPDPA: Corporate Action before March 31, 2025

The DPDPA has now been in place as an Act for over 16 months. The excuse “Rules are not notified” has begun to fade with the notification of the “Draft Rules”. Habitual procrastinators may still find an excuse in the fact that the draft rules are only for public consultation, that there is time for their finalization, that thereafter there would be time for setting up the Board, and thereafter perhaps up to 2 years for implementation.

Good luck to all those “Optimistic Chronic Procrastinators”.

But for those corporate managers who are cautious and risk averse, it is time to start their journey towards DPDPA Compliance immediately.

In this context the following corporate actions are recommended immediately.

1. In the next Board meeting, pass a resolution stating that the Company has taken note of the release of the draft DPDPA rules and the impending implementation in the coming year, and needs to initiate immediate steps for compliance.

2. The first step for compliance is to formally designate a “DPDPA Compliance Officer” (who may be the current CRO, CISO, CIO, CCO or CDO, or the DPO if that designation exists) by issuing a letter of designation from the Board, with the immediate task of submitting a report on the DPDPA Risk of the Company and the further actions to be taken. (The Compliance Officer may be promoted to DPO in future if required and if suitable.)

3. Ensure that the Compliance Officer is deputed to an appropriate training drill, such as the C.DPO.DA. of FDPPI, so that he is prepared to take up the challenge of doing a proper DPDPA Risk Assessment and recommending further actions.

4. The above tasks are recommended to be completed before 31st March 2025, with the developments recorded in the next Annual Report.

In the immediate future, a detailed audit needs to be undertaken under a framework like DGPSI, and a Risk Mitigation plan instituted along with appropriate Cyber Insurance coverage where required.

Before committing to the purchase of any software for compliance, be sure to check whether it is suitable for DPDPA Compliance.

To assist companies that want to take off, FDPPI will be providing the following services.

1. Conduct the C.DPO.DA. program for 3 days at Mumbai on January 24, 25 and 26. (Registration is now open, with an Early Bird Discount available.)

2. Conduct a similar physical program in Delhi, if possible before March 2025. (To be scheduled)

3. Conduct at least one virtual program before March 2025. (To be scheduled)

4. Institute a quick Business Impact Assessment through a short virtual session with corporate managements, on request. (At a cost of Rs 10000-25000)

(P.S.: Considering the current assignments of FDPPI/Naavi booked with FDPPI, there could be scope for not more than five to six assessments before March 2025.)

Interested company officials need to contact FDPPI immediately by visiting the website www.fdppi.in, or contact Naavi through www.naavi.org.

The detailed coverage of Mumbai Program for C.DPO.DA. is as follows

Naavi

All participants of the program would be eligible to get participation certificates with CPE credits for 18 hours and may also take the online examination to get the complete certificate as “Certified Data Protection Officer and Data Auditor”.

Necessary reading materials in the form of two books, worth Rs 3000/-, would be provided to the participants. The registrants would also be eligible for one year free membership of FDPPI.

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.