In the last two articles, we discussed how a compliance-oriented organization in India may react to the passing of the DPDPA with the following steps.
Step 1:
Conduct a Board Meeting in which the advent of the new law is taken note of and instructions are passed on to a designated person and a high-powered committee within the Company to make a Business Impact Assessment and present it to the Board for further action.
Step 2:
We presume that the CISO, or an existing DPO if available, would be requested to present a report on the first-level impact of DPDPA and suggest measures to be initiated in the short, medium and long term to meet the assessed risks. We shall call him the DPDPA Project Manager or DPM.
Now, as a third step, we assume the role of the DPDPA Project lead and try to suggest further steps. This may be an iterative process, and there may be discussions with the committee of functional leaders to understand the impact on each of their activities.
For example, how does DPDPA affect the Marketing division, the R & D division, the HR division, the Legal division, the Finance division, etc.?
While the first reaction is to develop a questionnaire and send it across to each of them, we must remember that the functional heads might have only heard of DPDPA in the media and may not have in-depth knowledge themselves.
Hence Step 3.1 is to create awareness about DPDPA amongst the top management through a discussion. If necessary, the DPM may invite an external expert such as FDPPI to take the top management through this process.
One of the easiest ways is to avail of the “Leadership Awareness Session” service, available for all Corporate Members as a one-time complimentary activity. The Company may call this the “Leadership Initiative for DPDPA” (LID).
At the end of the session, the DPM can distribute a questionnaire for each of the functional heads to reflect on and respond to. Following this, the DPM can chart out further action.
Naavi