Investment Managers often find a situation when they have to chose a stock for investment not for themselves but for others. As an investor they follow a logic of personal challenge and are able to take higher risks. But in investment firm, when it comes to investing for others as a manager of a portfolio or a mutual fund organization, they tend to take the “Follow the Crowd” attitude. The reason is that “Safety First” attitude overcomes their rational thinking.
The logic is when you invest in TISCO and the price goes down, people will judge that the market has failed you. But when you invest in Adani and it goes down, people will judge your decision and perhaps even the intentions. Hence Investment managers building large portfolios always take the path of the crowd. This principle is well known and understood.
When I interact with Data Protection Professionals in India, I find a similar “Follow the Crowd Syndrome” . When we suggest you can use DGPSI framework for compliance to DPDPA, they still have a hesitation to switch from other more popular frameworks. When we suggest C.DPO.DA. as a certification, they still have a resistance to switch from other more popular framework. They forget that the “Popularity” of other frameworks and programs were developed in a different context and for a different purpose which is not relevant for their current requirements.
Self aware professionals should remember that Sunil Gavaskar or Kapil Dev were India’s best Cricketers of all times but when it comes to selecting the current Indian team for T-20, we prefer to chose a Surya Kumar Yadav or even Shivam Dube.
Let us reflect on why we are prepared to discard respected legends and switch over in such cases and draw lessons on choosing DGPSI or C.DPO.DA.
I agree that this largely depends on the self confidence and awareness of the professional. If I do not know or is uncertain on what is required for DPDPA Compliance, I will go with the crowd even if we know that the crowd may be wrong. The logic is “Being wrong with the crowd” is better than “Going alone and face the responsibility of justifying your action”.
For those who are sure of their ground, it becomes easy to chose the right path. This requires effort in understanding what is required to be a good Data Protection Officer or Data Auditor in India and what it means to construct and maintain a Data Governance and Protection Management System (DGPMS) in India than an ISMS. For those who know, it is immaterial if his ignorant customer may think it is better that vendor systems pass the test of ISMS instead of DGPMS.
FDPPI during its month end programs in Mumbai on August 31 and September 1, will discuss 27 implementation challenges and Solutions that are confronting us in the light of DPDPA 2023.
The objective of this program (one in Navi Mumbai and another in Mumbai) is to ensure that our professionals acquire the level of self awareness of DPDPA and Self Confidence so that they can break out of the crowd.
I request all ISMS auditors to check and find out if they are good enough for being called DPDPA auditors in the days to come and if not how they develop themselves towards this coveted opportunity.
When you say No to Sunny and Yes to Sky, people understand the context. Similarly when you chose C.DPO.DA. or DGPSI, people will understand.
Naavi