Mission-DPDPA: “Let us Make it Happen”

Posted on May 26, 2024 by Vijayashankar Na

The long awaited Exclusive Data Protection of law of India in the form of DPDPA 2023 was passed by the Parliament and gazetted by the President on 11th August 2023.

In current India, there is a tradition that every law passed by the legislature whether unanimously or with a majority, is to be validated by the Supreme Court and accordingly it would not be surprising if DPDPA 2023 is also challenged in the Court for the sake of ensuring that the Government does not do anything productive.

However the Modi 3.0 team is already going ahead with a plan of action for the first 100 days and barring unforeseen circumstances, will be announced before June 10th. One of the items in the agenda is expected to be the notification of the rules under DPDPA 2023 which should include “Constitution of Data Protection Board” and “Definition of Significant Data Fiduciary” which are keys to taking the implementation further. The rules are likely to be published for public comments and put up to the next Parliament some time in the October session to be passed in to effect.

Even if DPDPA 2023 and/or its rules are challenged in the Supreme Court, it is unlikely to be struck down or stayed immediately and hence the law will remain operative.

In this context, if Modi 3.0 has a 100 day program, Naavi.org intends to launch Mission-DPDPA with several projects to ensure the spread of Privacy Culture in India.

Over the last 5 years since 2018 when FDPPI (Foundation of Data Protection Professionals in India) was constituted, Naavi and his team at FDPPI has been undertaking several activities towards spreading the need for DPDPA compliance particularly amongst the Corporate entities.

Now time has come to look at the larger masses to ensure that the law will be actually used by the general public in the manner it is envisaged. If public donot understand and appreciate the law, they are unlikely to make use of it. The law is designed as a law to discipline the industry and any personal financial remedies that are to be claimed by individuals will have to be claimed through the current ITA 2000. (Information Technology Act 2000 as amended till date). Hence it is the responsibility of individuals like Naavi to motivate the public to understand and use the provisions of the law to enhance their “Privacy Status”.

Mission-DPDPA therefore has the motto…. Let’s Make it Happen.

Some of the activities envisaged by Naavi in this direction which are expected to be implemented with the assistance of FDPPI and hopefully other organizations as well are

  1. Spread the knowledge of what are the Rights and Duties of Citizens under DPDPA 2023 amongst the general public including students and faculty of Law, Engineering, Management.
  2. Spread the knowledge of what are the compliance requirements under DPDPA 2023 by organizations including the Directors, CxOs and others.
  3. Provide tools of empowerment of individuals through Certification Programs
  4. Provide tools of empowerment to organizations through a framework for compliance along with a system of third party audit, assessment and conformity assurance certificates.
  5. Provide Jurisprudential suggestions to the Government through Policy Advisories placed in the public domain.
  6. Encourage different industry sectors to develop self regulatory guidelines and work towards acceptable sectoral guidelines.
  7. Encourage tech developers to adopt “Compliance by Design” and incorporate DPDPA 2023 compliance when products and services are designed including tools to assist others to be compliant such as AI tools and Governance support software systems.

As we go forward, these 7 steps may expand further. Most of the above steps are already under implementation by Naavi. Ujvala Consultants Pvt Ltd considers this as its “Voluntary Corporate Social Responsibility” (VCSR) adopted voluntarily. FDPPI is devoted to this mission as it is its “Justification for existence”.

Now it is time for other Societies and professional organizations to join the hands of FDPPI, be part of this mission and take it forward.

In the recent past CIOKLUB has been a participant in this mission. BSPIN is expected to play it’s part shortly. Professor N K Goyal, president of CSAI has extended his cooperation to this mission. Other organizations and particularly the educational institutions like Manipal Law School, KLE Law Institutions, NALSAR. NLSUI etc are invited to add their weight to this mission by taking up their own projects in this direction with or without involving FDPPI or Naavi. The goal is to achieve the objective of Mission-DPDPA and who all contributes to it is secondary.

Naavi

Posted in Cyber Law | Leave a comment

All India DPDPA Awareness Movement

Posted on May 24, 2024 by Vijayashankar Na

Naavi has in the past taken up Cyber Law Awareness outreach programs on a mission mode through Karnataka under the Karnataka Cyber Law Awareness Movement. Under this program, Naavi and Cyber Law College conducted courses in Cyber Law across the State of Karnataka and was the early injection of Cyber Law knowledge with the professionals as well as the students. At that time the program was centred around Information Technology Act 2000. (ITA 2000)

The industry was however not interested much in ITA 2000 and hence the movement was limited to Law Students, Law Colleges and Advocates. It was a successful program which later partially spread across the country. Naavi conducted hundreds of trainings under this program to all sections of the society.

A time has now come to repeat a similar exercise in the field of DPDPA. As the Data Protection Act DPDPA 2023 is set to be notified shortly, there will be a need to spread the awareness of DPDPA 2023 across colleges as well as companies.

The All India DPDPA Awareness Movement is therefore conceived to take the knowledge of DPDPA 2023 across the country through multiple channels including Certification Programs conducted under the banner of FDPPI as well as other activities on social media and through academic partnerships.

The objective of this program is

a) Make public aware of the concept of Data Privacy and how to make use of the provisions of DPDPA 2023.

b) Make Law Students and Law Faculty aware of the concept of Data Privacy and how Data Protection is related to Data Privacy.

c) Make companies aware of the impact of DPDPA on their operations from the level of Directors to CxOs to DPO aspirants and the general workforce.

This is in addition to the professional skill development programs that may be conducted with FDPPI in different forms.

Watch out for activities starting in June 2024 in this regard.

Naavi

Posted in Cyber Law | Leave a comment

A Mass DPDPA training Campaign to start

Posted on May 23, 2024 by Vijayashankar Na

As the D-Day for publication of rules for DPDPA 2023 is approaching, Naavi/Cyber law college and FDPPI has decided to run a special awareness building program on DPDPA 2023, Global Data Protection Laws and Certified DPO and Data Auditor.

The objective of this campaign is to ensure that we reach out to a large number of professionals aspiring to learn about DPDPA 2023 as a law and prepare themselves to be the next generation professionals such as DPOs in India and Data Auditors.

Over the next few months, there will be several in house physical training programs which will be customised to the requirements of different organizations which will be separately priced. This new campaign is meant for the “Virtual Online Sessions” based on recorded videos and pre-arranged real-time mentor sessions online.

Watch out for details.

Naavi

Posted in Cyber Law | Leave a comment

EU AI At adopted by the EU Council

Posted on May 22, 2024 by Vijayashankar Na

On May 21, 2024, the EU AI Act was given the final approval of the council of EU and is set to be published in the official journal. It will enter into force on the 20th day after publication and will be generally effective after 24 months.

We had started discussing the different provisions of the EU-AI act in these columns which will be continued.

Some of the articles already published are

1.March 17, 2024: The EU Act on Artificial Intelligence

2.April 3, 2024: Impact of EU AI act on India

3. 4th April 2024: Defining of AI: DGPSI approach

4. 5th April 2024: Applicability and Non Applicability of EU-AI Act

5. 6th April 2024: Classification of AI under EU AI act

6. 6th April 2024: “Conformity Assessment” under EU-AI act

7.7th April 2024: Classification of AI under EU AI act

8. 8th April 2024: Intersection point for EU AI Act and DGPSI: AI-DTS

9. 10th April 2024: Generative AI and EU AI Act

The discussions will continue.

Naavi

Posted in Cyber Law | Leave a comment

Fraud by 9900880457: “Your phone will be deactivated”

Posted on May 21, 2024 by Vijayashankar Na

For some time now a fraud is being attempted by some automated calls made from different numbers stating….” Calling from Telecom department …All your phones will be deactivated within 2 hours. Press 9 for more information” etc…

It is obvious that this is a fraud. However such frauds occur because telecom companies donot take preventive action and police donot come in except after some body who has lost money complains.

Just now I received such a call from the number 9900880457. Earlier such calls have come from other numbers also.

I want people to be careful about such calls. If possible the above mobile number (which may be fake) be traced.

Naavi

Posted in Cyber Law | Leave a comment

“B2B-DTS” for DPDPA compliance tailored to Manufacturing industries

Posted on May 19, 2024 by Vijayashankar Na

Yesterday we had an interaction with a large group of CIOs in Coimbatore and discussed the DGPSI framework as a solution to DPDPA compliance.

As a part of the discussion, a need has emerged for considering the manufacturing industries with only B2B services as a separate category/sector for which DPDPA compliance has to be specifically designed.

The DGPSI framework already has one simpler version called DGGPSI Lite with 36 implementation specifications and DGPSI Full with 50 implementation specifications.

Both frameworks are applicable across different sectors including manufacturing sector. DGPSI full version also addresses some Data Governance issues while DGPSI Lite is limited to DPDPA compliance.

While implementing these frameworks for manufacturing industries, the fact that their exposure to personal data processing is limited to employees is already factored in. In case the manufacturing industry has retail stores or e-commerce websites, their exposure to DPDPA 2023 increases.

However there are many industries who donot have e-commerce and donot have retail sales and hence their encounters with personal data is limited to employees, current, prospective and past.

Considering these restricted exposure of B2B companies, the DPDPA Gap assessment as well as implementation has been simplified leading to an assessment which is named “B2B-DTS”.

Hopefully this will enable a large number of eligible industries of this category meet the compliance certification quickly without the rigorous requirements of a company which has personal data collections on a large scale from consumers.

Companies interested in such assessments may contact Naavi/Ujvala Consultants Pvt Ltd for more information.

Naavi

Posted in Cyber Law | Leave a comment