DPDPA 2023 as a data protection law charted a course different from GDPR in several respects. One such differentiation that we can note is that DPDPA envisages a role for “Data Auditors” who are independent auditors outside the Company. Currently it is mandatory for Significant Data Fiduciaries to appoint such Data Auditors.
As a result of this, there is now a statutory recognition for such Data Auditors. with this development there is a need to develop Data Auditors as a community and Naavi.org through Ujvala Consultants Pvt Ltd will take the lead in creating this community. Watch out for more information on this front.
In the meantime, as regards the three day program scheduled to be held at Bengaluru on September 27, 28 and 29 by FDPPI, there is a request from many on the curriculum.
I had indicated yesterday that it would focus on “Audit” as per DPDPA 2023 which is for Data Fiduciaries, Significant Data Fiduciaries, Consent Managers etc.
To further elaborate the contents of the discussion would include the following.
a) The legal basis for Data Protection in the form of nuances of DPDPA 2023 along with ITA 2000, CPA 2019 and also international laws such as GDPR.
b) Implementation challenges for “Compliance by Design” with Technical and Organizational controls including the technical challenges of
-Data Discovery, Data Classification, Data Storage, Data Access, Consent Management, Management of Rights of Data Principals, Minor’s Data Management, Data Breach Management, Data Retention Management, Data Confidentiality, Integrity and Availability Management, Grievance Redressal management, Management of Consent Managers, Data Pseudonymization, etc.,
c) Governance Challenges related to how the risks can be assessed and managed including Data Valuation and using Cyber Insurance.
d) Conducting an Audit of how an organization has complied with the DPDPA 2023 requirements in a technical environment with a focus on how to look for evidence gathering and validation.
FDPPI’s Certification C.DPO.DA. is a crown jewel which would be available only for those who successfully complete the examination.
All persons who attend the program are given one free attempt at the examination. Examination would be online for a duration of 2 hours. If they opt out of the examination, they will get a “Participation Certificate”.
If they appear for the exam and cross the first cut-off point, they will be eligible for “C.DPO.DA-L1 (Foundation Level)” Certificate. If they cross the second cut-off point, they will be eligible for “C.DPO.DA.-L2 (Implementation Level) Certificate”. If they are able to cross the third cut-off point they will be eligible for C.DPO.DA.-L3 (Expert Auditor Level) certification.
Appropriate reading material would be provided both online and offline. Discussions will include lectures and Case study discussions.
It is our desire that we want to make the Program an elevating experience for all the participants.
Look forward to meeting you…