Referring to all the articles on PDPSI-GDPR, the framework, if it can be called so, is suggested as a methodology for data auditors to adopt when conducting data audits. Most data audits are management decisions, undertaken to obtain assurance that appropriate measures are in place for compliance.
The Standards and Certifications are not meant to give any false impression to the regulatory authorities that an organisation is in compliance. While the CISO can satisfy the Board that the Certifications indicate everything is fine, the owners of any business are always wary of the risks that persist despite the certifications. Hence any methodology which is robust and provides better assurance should be preferred over one chosen merely because it is certified against a particular standard.
PDPSI is a framework for Personal Data Protection and, as a Standard that emanates from India, it is applicable to compliance with PDPA as per its initial design. However, the same framework, through an extension such as PDPSI-GDPR, can satisfy BS10012 and its clone ISO27701. Similarly, PDPSI-CCPA can satisfy the CCPA, PDPSI-SGPDPA can satisfy the Singapore PDPA, PDPSI-DIFCDPL2020 can satisfy the Dubai data protection law of 2020, etc.
The “Pseudonymization Gateway”, the “Classification tagging of Personal Data”, “Distributed Responsibility Structure for data protection” and “Measurability of compliance maturity” are innovations which can add value to the audit process and the assurance to the management more than what the other standards can provide.
Cyber Law College/Naavi are willing to share more insights with auditors to help them adopt this framework.
Naavi
Reference Articles:
What is Pseudonymization Gateway
Governance and Implementation Structure under PDPSI-GDPR
PDPSI-GDPR the replacement for ISO27701
Also refer www.pdpsi.in