Yesterday, mr Ravi Shankar Prasad, the honourable minister of MeitY presented the “Personal Data Protection Act 2019” (PDPA2019) which is the revised version of PDPA 2018 suggested by the Justice Srikrishna Committee which was presently under discussion. The new version incorporates some changes based on the public comments as well as the discussions with stakeholders undertaken by the Government.
The copy of the new version can be accessed here : http://www.pdpa2019.in
The bill has now been sent to a select committee for review and re-presentation during the budget session in February 2020. By all indications, it is likely to be passed before the end of the budget session.
At the next stage the Data Protection Authority has to be constituted and necessary rules need to be notified.
When the Act is fully operational, all Data Fiduciaries namely those who collect, process personal data will come under the provisions of the Act. Amongst them those who deal with “Sensitive Personal Information” will need to designate a “Data Protection Officer” (DPO).
The DPO will be an executive at the higher levels of management on par or even above the CISO and needs to have the skills to advise the company on technical aspects of data security, legal aspects of Privacy protection and HR skills of negotiation to deal with the DPA, the Adjudicator, the Cyber Appellate Tribunal (Coordination with a lawyer), mediation with the data principal etc. He needs to also have audit skills and skills to manage internal relationships in the organizations where he is likely to have clashes with the Business heads and CTOs and CISOs.
Further most Indian companies will be exposed to Data Protection regulations of not only India but also other countries.
Recognizing all these requirements, Cyber Law College, which recently started a course on PDPA in association with FDPPI, has decided to take up a long term plan of developing well rounded DPOs through a multi level Course structure.
The present program will be considered as Level I of becoming a “Certified DPO”. Next year after the Act is passed, DPA Constituted, Codes and Practices for data processing established, there will be a next level of training which will be called Level-2.
Subsequently a “SoftSkills Development” training will be conducted to cover the requirements of the DPO and it will be considered as Level 3.
Presently the technical skills are kept out of these training since there are other avenues for this purpose. However certain technical aspects that are relevant for Data Protection may be covered under Level 3 or separately as Level 4.
During these programs the discussions will also cover major international data protection laws such as GDPR, CCPA, Federal Data Protection Laws of USA (When established) etc.
Education is endless and need to acquire additional knowledge and skills is ever green. Hence Cyber Law College will continue to add value to each levels of these trainings as may be relevant at the appropriate time.
This entire program developed by Cyber Law College is being recommended to be introduced through the FDPPI, the Foundation of Data Protection Professionals in India which is a Not for Profit Section 8 company.
I look forward to the support of all well wishers in making this program a success. One way to take this forward with your participation is to join the movement of FDPPI as a member and make it the movement of all Data Protection Professionals in India.
Naavi