Naavi.org

Recruiters who are today unaware of Indian Data Protection developments but look at Indian Data Protection Law in the eyes of GDPR often miss the point that to be an effective Data Protection Professional in India, we need to study Indian law first before enhancing it with global laws. Similarly to be an effective Data Auditor, we need to understand PDPCSI first before ISO 27701.

Naavi as a pioneer in Cyber Law and Privacy Education in India is offering a clear path for professionals to acquire current relevant knowledge in India on Data Protection Law and provide peer recognition.

Now Naavi through FDPPI has provided a unique modular process for building your career in Data Protection.

The suggestion is to first learn Indian law on Data Protection, which includes the Digital Personal Data Protection Act 2023 passed recently along with the Information Technology Act 2000 which retains many aspects of Personal Data management . This can be achieved through CDPP (India).

One course for this purpose is commencing on 26th Of August as a week end afternoon batch. It will cover 12 hours of training, 3 hours each on 26th, 27th August , 2nd and 3rd of September between 2.30 to 5.30. The fee is Rs 15000/- (inclusive of GST) which includes registration in Indian National Register of Data Protection Professionals (www.inrdpp.in) which otherwise costs Rs 3000/-

This is a batch in addition to a batch being conducted exclusively for Elite CISO which is on September 2, 3, 9 and 10 for 3 hours each between 10.30 am and 1.30 pm.

CDPP (India) is step 1 to becoming C-DPO-DA or Certified Data Protection Officer and Data Auditor. CDPODA requires completion of two more modules namely Module G on Global Data Protection laws and the Module on Data Audit (Module A) which covers the nuances of ISO 27701 and PDPCSI in depth.

All the three modules together cost Rs 45000/- (inclusive of GST) and includes the registration in Indian National Register of Data Protection Professionals, (worth Rs 3000) Basic membership of FDPPI (worth Rs 6000).

Compare this with any other alternative program available to equip yourself with knowledge and recognition and take a wise decision today.

To register – visit here

In a recent study in California Berkley, scientists successfully captured brainwaves from some of the patients who were undergoing surgery for epilepsy while listening to music and using AI interpreted the brain waves to re-create the song they were listening to.

While this demonstrated the power of AI, it also indicated how the advancement of technology has opened up the human brainwaves as a readable neuro data.

Unfortunately no law addresses the need to regulate the science of interfering with human thoughts and the ethics of whether this needs regulation is a matter of debate.

Refer news report

Naavi

Posted on August 14, 2023 by naavi

Naavi is committed to build a Privacy and Data Protection Culture in India. At a time when the Country has adopted a new Data Protection Law namely DPDPA 2023 and there is a mad rush by companies to recruit DPOs in their organization, there is confusion in the professional circles on how they should equip themselves for the new job opportunities that are unfolding.

Many are rushing to acquire CIPP-E or other courses at enormous cost to add a certification that would make them a better candidate in the job interviews.

However, rushing to get more of GDPR knowledge to serve in India is only creating more problems since Indian law is much different from GDPR and the study of CIPP-E may create wrong concepts in the minds of the professionals. They need to unlearn most of the concepts and re-learn the Indian concepts.

Naavi has therefore decided to offer courses which are more valuable than CIPP-E or other programs of similar nature based on GDPR but at much lesser cost.

CDPP-I is one course which is presently available at Rs 15000/- with content covering both DPDPA 2023 and ITA 2000 for the fist time.

CDPODA is a more comprehensive course which covers Indian Data Protection law as well as GDPR and several other global laws and also Data Audit related skills. It is therefore much more valuable than CIPP-E type of courses and priced at Rs 45000/- which is inclusive of benefits of Rs 9000/- (as of today) in the form of membership of FDPPI and Registration in the Indian National Register of Data Protection Professionals in India.

It is therefore a no brainer that the next destination of professionals in search of certification related to Data Protection is FDPPI/Cyber Law College.

What we propose now to professionals who are in a hurry to get certified is the following path.

1. Take the DPDPA 2023 plus ITA 2000 currently offered as Module I and set to start from September. This will be a faculty lead program with support of recorded videos.
2. Take Module G as a Recorded module with Mentor assistance on request where the faculty will answer your queries.
3. Take Module A in a revised format where there will be in depth discussion on PDPCSI as a framework for Data Audit

Currently the entire program is priced at Rs 45000/- inclusive of GST. (From 1st October this may change to excluding GST)

If some body takes Module I only, the cost would be Rs 15000/- (Inclusive of GST). There after Module G will cost separately Rs 18000/- (inclusive of GST).

At the time Module A is subscribed, the cost of Module A could be Rs 24000/-

Taking each module separately would therefore be expensive and cost rs 57000/- in total with GST.

On the other hand taking all the three programs at one go would cost at present only Rs 45000/- (inclusive of GST) with another Rs 9000/- worth benefit. The net cost is therefore as low as Rs 36000/-

After October, the total cost of the combined module which we call as “Certified Data Protection Officer/Data Auditor” (CDPODA) would be Rs 45000/- + 18% GST or Rs 53100/-

Move quickly so that you could be in the early batches of professionals who will pass out.

New Courses will commence from September/October 2023.

Register at www.cyberlawcollege.in or www.fdppi.in

(PS: Cyber Law College is the training partner of FDPPI)

A day after the Presidential assent to DPDPB 2023, Sansad Dhvani, an organization created by Mr Tejasvi Surya, the MP from South Bangalore organized a public awareness program on DPDPA.

It was great to see the MoS of IT, Sri Rajeev Chandrashekar and Sri Tejasvi Surya explain the salient features of the new law. Mr Sharat Sharma of ispirit was also present and explained certain technical aspects. The event was held in the auditorium of BMS Engineering College, Bengaluru.

After the initial presentations, the trio answered the questions of the audience and there was a healthy participation from the audience which consisted of many Privacy professionals as well as students.

During the discussions Mr Rajeev Chandrashekar also indicated that the work on Digital India Act is also progressing and a draft for public discussion should be available in the next two weeks.

One of the topics which came under repeated discussion during the talk was the role of “Consent Manager”. One could observe that there is still a confusion on the role of a “Consent Manager” under DPDPA 2023 vs “Consent Manager” in the NDHM and in the Account Aggregator project of RBI.

Under Section 2(g) of DPDPA, “Consent Manager” means a person registered with the Board, who acts as a single point of contact to enable a Data Principal to give, manage, review and withdraw her consent through an accessible, transparent and interoperable platform;

Under Section 6(9), “Every Consent Manager shall be registered with the Board in such manner and subject to such technical, operational, financial and other conditions as may be prescribed.”

We can therefore observe that the “Consent Manager” under DPDPA is a “Data Fiduciary” and not completely a “Technology Platform”. The Consent Manager under DPDPA can use a technology platform but is an entity with a visibility on the personal data where as Consent Manager in the Account Aggregator framework (AAF) is a pure technology platform like an ISP.

Legally the Consent Manager under Account aggregator account is an Intermediary under ITA 2000 where as the Consent Manager under DPDPA is a Data Fiduciary with obligations as set out in the DPDPA.

Considering that the Consent Manager platform under AAF can be technically configured in such a manner that the identity of the individuals is not accessible to any human being, it opens up the debate that there may be no apparent “Disclosure” from the data principal to the Consent Manager and hence the liabilities associated with DPDPA for a data fiduciary may not attach to the Consent manager platform. In a way it can be configured as an “Anonymised Transmission of identifiable data”.

Whether all Consent Managers under AAF have configured the system in this manner or not is a matter of audit. If they have not done so, they will also be Data Fiduciaries under DPDPA.

It is expected that when the requirements for accreditation of Consent Managers is released, there could be a criteria of minimum capital and net worth so that it may become a business of the large companies. It would however be necessary to have another layer of Consent Manager Registration Agencies who work as agents of Consent Managers. This could be similar to the Certifying Authority-Registration Authority set up in the ITA 2000 rules where the RA was not mentioned in the Act but brought in through practice.

The rules for Consent Managers need to be therefore drafted with the provision of individuals or entities who can be agents of Consent Managers who will be the real interface between the Data Principal and the Consent system.

Another area where there appeared to be some grey spots is about the “Data Minimization” .

The DPDPA does not specifically mention the Data Minimization though we expect this principles to appear in the subsequent notification of rules [under Section 8(4)]. Presently these have to be interpreted in the “Purpose Limitation” .

Probably we need to wait for the notifications to come up for further discussion on these subjects.

Naavi