Double the Value at half the Price

Posted on August 14, 2023 by Vijayashankar Na

Posted on August 14, 2023 by naavi

Naavi is committed to build a Privacy and Data Protection Culture in India. At a time when the Country has adopted a new Data Protection Law namely DPDPA 2023 and there is a mad rush by companies to recruit DPOs in their organization, there is confusion in the professional circles on how they should equip themselves for the new job opportunities that are unfolding.

Many are rushing to acquire CIPP-E or other courses at enormous cost to add a certification that would make them a better candidate in the job interviews.

However, rushing to get more of GDPR knowledge to serve in India is only creating more problems since Indian law is much different from GDPR and the study of CIPP-E may create wrong concepts in the minds of the professionals. They need to unlearn most of the concepts and re-learn the Indian concepts.

Naavi has therefore decided to offer courses which are more valuable than CIPP-E or other programs of similar nature based on GDPR but at much lesser cost.

CDPP-I is one course which is presently available at Rs 15000/- with content covering both DPDPA 2023 and ITA 2000 for the fist time.

CDPODA is a more comprehensive course which covers Indian Data Protection law as well as GDPR and several other global laws and also Data Audit related skills. It is therefore much more valuable than CIPP-E type of courses and priced at Rs 45000/- which is inclusive of benefits of Rs 9000/- (as of today) in the form of membership of FDPPI and Registration in the Indian National Register of Data Protection Professionals in India.

It is therefore a no brainer that the next destination of professionals in search of certification related to Data Protection is FDPPI/Cyber Law College.

What we propose now to professionals who are in a hurry to get certified is the following path.

  1. Take the DPDPA 2023 plus ITA 2000 currently offered as Module I and set to start from September. This will be a faculty lead program with support of recorded videos.
  2. Take Module G as a Recorded module with Mentor assistance on request where the faculty will answer your queries.
  3. Take Module A in a revised format where there will be in depth discussion on PDPCSI as a framework for Data Audit

Currently the entire program is priced at Rs 45000/- inclusive of GST. (From 1st October this may change to excluding GST)

If some body takes Module I only, the cost would be Rs 15000/- (Inclusive of GST). There after Module G will cost separately Rs 18000/- (inclusive of GST).

At the time Module A is subscribed, the cost of Module A could be Rs 24000/-

Taking each module separately would therefore be expensive and cost rs 57000/- in total with GST.

On the other hand taking all the three programs at one go would cost at present only Rs 45000/- (inclusive of GST) with another Rs 9000/- worth benefit. The net cost is therefore as low as Rs 36000/-

After October, the total cost of the combined module which we call as “Certified Data Protection Officer/Data Auditor” (CDPODA) would be Rs 45000/- + 18% GST or Rs 53100/-

Move quickly so that you could be in the early batches of professionals who will pass out.

New Courses will commence from September/October 2023.

Register at www.cyberlawcollege.in or www.fdppi.in

(PS: Cyber Law College is the training partner of FDPPI)

Posted in Cyber Law | Leave a comment

Posted on August 13, 2023 by Vijayashankar Na
Posted in Cyber Law | Leave a comment

Consent Manager… Under DPDPA

Posted on August 13, 2023 by Vijayashankar Na

A day after the Presidential assent to DPDPB 2023, Sansad Dhvani, an organization created by Mr Tejasvi Surya, the MP from South Bangalore organized a public awareness program on DPDPA.

It was great to see the MoS of IT, Sri Rajeev Chandrashekar and Sri Tejasvi Surya explain the salient features of the new law. Mr Sharat Sharma of ispirit was also present and explained certain technical aspects. The event was held in the auditorium of BMS Engineering College, Bengaluru.

After the initial presentations, the trio answered the questions of the audience and there was a healthy participation from the audience which consisted of many Privacy professionals as well as students.

During the discussions Mr Rajeev Chandrashekar also indicated that the work on Digital India Act is also progressing and a draft for public discussion should be available in the next two weeks.

One of the topics which came under repeated discussion during the talk was the role of “Consent Manager”. One could observe that there is still a confusion on the role of a “Consent Manager” under DPDPA 2023 vs “Consent Manager” in the NDHM and in the Account Aggregator project of RBI.

Under Section 2(g) of DPDPA, “Consent Manager” means a person registered with the Board, who acts as a single point of contact to enable a Data Principal to give, manage, review and withdraw her consent through an accessible, transparent and interoperable platform;

Under Section 6(9), “Every Consent Manager shall be registered with the Board in such manner and subject to such technical, operational, financial and other conditions as may be prescribed.”

We can therefore observe that the “Consent Manager” under DPDPA is a “Data Fiduciary” and not completely a “Technology Platform”. The Consent Manager under DPDPA can use a technology platform but is an entity with a visibility on the personal data where as Consent Manager in the Account Aggregator framework (AAF) is a pure technology platform like an ISP.

Legally the Consent Manager under Account aggregator account is an Intermediary under ITA 2000 where as the Consent Manager under DPDPA is a Data Fiduciary with obligations as set out in the DPDPA.

Considering that the Consent Manager platform under AAF can be technically configured in such a manner that the identity of the individuals is not accessible to any human being, it opens up the debate that there may be no apparent “Disclosure” from the data principal to the Consent Manager and hence the liabilities associated with DPDPA for a data fiduciary may not attach to the Consent manager platform. In a way it can be configured as an “Anonymised Transmission of identifiable data”.

Whether all Consent Managers under AAF have configured the system in this manner or not is a matter of audit. If they have not done so, they will also be Data Fiduciaries under DPDPA.

It is expected that when the requirements for accreditation of Consent Managers is released, there could be a criteria of minimum capital and net worth so that it may become a business of the large companies. It would however be necessary to have another layer of Consent Manager Registration Agencies who work as agents of Consent Managers. This could be similar to the Certifying Authority-Registration Authority set up in the ITA 2000 rules where the RA was not mentioned in the Act but brought in through practice.

The rules for Consent Managers need to be therefore drafted with the provision of individuals or entities who can be agents of Consent Managers who will be the real interface between the Data Principal and the Consent system.

Another area where there appeared to be some grey spots is about the “Data Minimization” .

The DPDPA does not specifically mention the Data Minimization though we expect this principles to appear in the subsequent notification of rules [under Section 8(4)]. Presently these have to be interpreted in the “Purpose Limitation” .

Probably we need to wait for the notifications to come up for further discussion on these subjects.

Naavi

Posted in Cyber Law | Leave a comment

Janvishwas Bill Gazette notified

Posted on August 12, 2023 by Vijayashankar Na

The Janvishwas Bill amendment Act 2023 was gazette notified yesterday. This contains many amendments to ITA 2000 which had been provisionally incorporated in the copy of ITA 2000 which is available on this website.

Now they may be considered as finalized amendments.

The copy of the Act is available here

List of Amendments to ITA 2000

Section 33: Failure to Surrender of CA license which has been revoked: Penalty of Rs 5 lakhs. No Imprisonment

Section 44: Penalty for failure to furnish information, return etc penalties increased

a) From 1.50 lakhs to 15 lakhs for not furnishing the required document

b) from Rs 5000/- to Rs 50000/- per day for not submitting returns

c) from 10000/ to Rs 1 lakh for not maintaining books

Section 45: Residuary Penalty increased from Rs 25000/- to Rs 1 lakh and compensation increased from Rs 25000/- to Rs 1 lakh for an individual and Rs 10 lakh for an Intermediary or company

Section 46: “Under this Chapter” changed to “Under this Act” and the word “injury” removed

Section 67C: Penalty up to Rs 25 lakhs from and no imprisonment.

Section 68: Penalty increased to Rs 25 lakhs and imprisonment removed

Section 69B: Imprisonment reduced from 3 years to 1 year and Fine increased to Rs 1 crore

Section 70B: Penalty raised from Rs 1 lakh to Rs 1 crore

Section 72: Penalty increased to Rs 5 lakhs, Imprisonment term removed

Section 72A: Penalty increased to Rs 25 lakhs, Imprisonment removed

Naavi

Posted in Cyber Law | Leave a comment

11th August shall be the Data Protection Day of India

Posted on August 12, 2023 by Vijayashankar Na

At FDPPI, the Foundation of Data Protection Day of India, it is proposed to recognize August 11 as the Data Protection Day of India.

This will supplement 17th October which is the Digital Society Day of India.

Naavi

Posted in Cyber Law | Leave a comment

DPDPA 2023: Presidential Assent

Posted on August 12, 2023 by Vijayashankar Na

It is observed that on 11th August 2023, Presidential Assent was given to the DPDPA 2023 which has now become a full fledged Act.

The Gazette Version of the Act is available here:

Naavi

Posted in Cyber Law | Leave a comment