Naavi.org

FDPPI has been in the forefront of being a “Guardian of Privacy”. The DGPSI framework provided the “Jurisprudential interpretation” of DPDPA 2023 for Data Fiduciaries to work on “Compliance By Design”. During this phase we started creating the  skills of a DPO. Many other organizations emulated FDPPI and created their own brands of DPO certifications.

Now the next phase of auditing of the implementation created by these DPOs has begun. After 13th May 2027, Significant Data Fiduciaries need to mandatorily have an “Independent Data Auditor” in place and will be looking around for not DPOs but Data Auditors.

FDPPI has now taken the necessary big step to create an eco system for “Data Auditors” to develop, acquire necessary skills and use the tools already created in the form of DGPSI frameworks.

Tomorrow the new era of “Independent Data Auditors” will begin in India with the launch of the “Association of Independent Data Auditors”.

This profession is a creation of the statute and the word “Independent” signifies that the data auditor must not have any conflict with the Data Fiduciary. They need to also be able to conduct Annual Compliance Audit of DPDPA compliance, DPIA, Audit of algorithms and even report significant observations to the DPB.

They will initially be monitoring the Significant Data Fiduciaries before other wise Data Fiduciaries also decide to err on the safer side with audit from such data auditors as a best practice.

In effect, they will be the eyes and ears of DPB to provide accountability to the compliance efforts.

FDPPI has therefore decided to catalyze the formation of the “Association of Independent Data Auditors of India” or AIDAI and is launching the new entity. Presently it is a division of FDPPI and will be headed  by a CEO, supported by a Governance Committee and guided by a cross industry Advisory Board.

A unique aspect of this AIDAI of FDPPI is that the doors are kept open for different kinds of professionals to be engaged with the organization.

At the Foundation level, any professional including the freshers  are encouraged to join the community as “Probationary Independent Data Auditors”. They can learn, associate with others and grow to be the future Independent Data Auditors.

Inevitably, FDPPI will have a Cadre of “Certified Independent Data Auditors” since it is already conducting programs for C.DPO.DA. where the traditional DPO certification was already extended to the Data Audit requirements. Now the Certification program will be divided into CEDPO (Certified Elite DPO) and CIDA (Certified Internal Data Auditor). They will be empanelled at AIDAI after a fresh online examination.

The most  significant aspect of AIDAI is that it is built on the principle of “Vasudaiva Kutumbakam” or “World is one family” .

The empanelment is therefore open to professionals trained and accredited by other organizations including DSCI or Lead Auditors of ISO family and other similar Data Protection or Information Security oriented organizations and also to other professional organizations like the ICAI, CMA or ICSI.

Such accredited agencies will be empanelled on the basis of validation of credentials.

At this point of time, it is the vision of AIDAI to be a unified platform for all professionals who conduct “Audits” in the all  pervasive medium of “Data” and  also break down the differences if any that exist between different professional groups.

We hope all will respond to this new way of thinking…

We invite all to engage with AIDAI and grow together.

Naavi

A new organization named Council for Digital Safety and Wellbeing  (CDSW) is being  established established to serve as a national platform for learning, dialogue, and collaboration, supporting institutions, communities and individuals in navigating these challenges responsibly across digital and AI enabled ecosystems.

The organization is founded by Mr  Aditya Vuchi and Dr Anil Rachamalla of Hyderabad

The vision of this  organization is “Powering India’s next digital era with safety, ethics, and wellbeing at its core, including the responsible and human-centric use of Artificial Intelligence.”

CDSW has adopted the following  objectives

• To educate institutions, organisations and individuals on digital safety, ethics, and wellbeing in an AI-driven world
• To engage stakeholders in constructive dialogue and collaboration on emerging digital and AI risks
• To elevate national understanding and leadership for responsible digital practices including safe, ethical, and accountable AI use

Naavi is participating  as part of the Advisory group in the formal launch of the organization today at Hyderabad.

Privacy is an integral part of “Digital Well  Being” and lack of Cyber Safety leads to identity theft which is the root cause of most of cyber crimes. Securing “Identity” of an individual by choice is the principle of Privacy and the Personal Data Protection regime is directly responsible for the protection  of identity theft and thereby the Digital Well being. FDPPI therefore is a natural partner for this initiative and happy to support the initiative.

FDPPI’s initiatives of “Privacy Mitra” and “FDPPI Study Centers” , directly support creation of Privacy awareness and build a Data Protection culture in the country.

On behalf of myself, Naavi.org and FDPPI, I wish the venture all the success.

Naavi

The earlier post on AIDAI as a milestone for FDPPI as well as for the Data Protection Eco system has elicited this comment.

“The article provides a thoughtful and timely perspective on the evolving data protection landscape in India and rightly characterizes the current phase as a structural milestone rather than a mere legislative event.

One of the key strengths of the article is its implicit shift in framing—from privacy as a conceptual right to data governance as an operational discipline. This is a necessary transition, especially in a rapidly digitizing economy where accountability, auditability, and measurable compliance outcomes are becoming central to regulatory expectations.

At the same time, I believe the discussion could be further strengthened by explicitly distinguishing between institutional readiness and enforcement maturity. While the notification of rules and the operationalization of the Data Protection Board of India represent significant progress, the effectiveness of the framework will ultimately depend on consistent enforcement, regulatory clarity, and the development of supporting professional infrastructure.

In this context, the article presents an opportunity to more explicitly recognize the role of independent assurance mechanisms. As envisaged under Section 10 of the DPDPA, the emergence of Independent Data Auditors will be critical in bridging the gap between statutory intent and operational compliance. Their role, analogous in some respects to financial auditors in corporate governance, can provide credibility, objectivity, and trust to the ecosystem.

Further, the article may benefit from articulating the evolving accountability architecture more explicitly—namely:

• • Data Fiduciaries as responsible entities,
  • The Data Protection Board as the enforcement authority, and
  • Independent auditors as the assurance layer.

This triadic structure, if developed effectively, can form the backbone of a robust data governance regime in India.

Finally, a forward-looking closing that calls for capacity building, professional standardization, and institutional collaboration would strengthen the article’s impact and align it with the emerging needs of the ecosystem.

Overall, this is a well-argued and important contribution that moves the conversation beyond compliance into the domain of governance and accountability. With a slightly stronger emphasis on enforcement realities and the role of professional assurance, it can serve as a foundational reference for the next phase of India’s data protection journey.”

In 2018, FDPPI was launched as an organization for the promotion of Privacy and Personal Data Protection culture in India. After covering the foundation ground of certification programs and seminars, one important milestone was the launching of DGPSI or Digital Governance and Protection Standard of India on September 13 2023. 

The DGPSI had its own sub-milestones such as the launch of DGPSI-AI and DGPSI-GDPR and will develop as a framework of reference for Data Protection Compliance in India and elsewhere in due course.

Now FDPPI is standing at the cusp of another milestone namely the launch of “Association of Internal Data Auditors of India”. (AIDAI).

Currently AIDAI will function as a division of the parent entity FDPPI and eventually it may be an independent entity by itself.

On 11th  April 2026, FDPPI is set to formally dedicate the new entity to the public in a simple function in Bangalore.

The Launch of this new entity recognizes the emergence of the new  breed of professionals  namely “Independent Data Auditors” in India who are statutorily recognized under DPDPA 2023. They will be the backbone of the DPDPA compliance eco-system in India and are aptly called the “Guardians of Data Accountability”.

“Building Trust through Integrity and Independence” will be the motto of the organization.

The first objective of the organization is

Objectives:

1. To serve as a collaborative platform for capacity building, knowledge sharing, and policy advocacy, and to act as an interface between Independent Data Auditors, industry stakeholders, and the Data Protection Board of India.
2. To foster a culture of independence, objectivity, and accountability among Data Auditors, ensuring that audits of Significant Data Fiduciaries are conducted with integrity and that material findings are reported without bias or influence.
3. To define, develop, and continuously evolve a nationally recognized framework of qualifications, competencies, ethical standards, and audit methodologies for Independent Data Auditors under the Digital Personal Data Protection Act, 2023.

Towards fulfilment of these objectives, the organization will

a) Empanel professionals as Data Auditors at multiple levels.

 1. Empanelled Data Auditors Level 1: (EDA-L1)  : All interested members who want to join the community

2. Empanelled Data Auditors (Level 2):(EDA-L2)  with  designated qualifications

b) Conduct in association with FDPPI appropriate Certification Programs CIDA (Certified Independent Data Auditors) with the following modules

1. 1. Module 1 – Auditor Profession & Ethics
   2. Module 2 – Audit Principles & Methodology
   3. Module 3 – Planning & Risk-based Approach
   4. Module 4- Risk Evaluation and Audit of DF, SDF and Consent Managers)
   5. Module 5 – Frameworks (ISO + DGPSI Architecture)
   6. Module 6– Applying DGPSI Variants
   7. Module 7– Evidence Collection & Control Testing
   8. Module 8 – Data Trust Score and Audit Reporting
   9. Module 9 – Mini Audit Simulation

c) Encourage development of tools for audit

In the meantime, FDPPI will focus on Education, Conduct of Certification Examination, Management of Study Centers across the country, Management of Grievance Redressal, advocacy on the law and related practices, Conduct Research, Publish  relevant literature, etc. FDPPI will focus  with “Implementation Consultancy” and work along with AIDAI for audits.

FDPPI and AIDAI will be like binary stars which will revolve around each other and support each other.

AIDAI will have a separate Advisory Body, Governance body and  a CEO.

It is observed that the passage of DPDPA 2023 was a significant milestone  which has now been formalized with the passage of the DPDPA Rules setting the time lines for implementation.

Though ITA 2000 and DPDPA 2023 are now applicable laws, the enforcement mechanisms always present a challenge. AIDAI is expected to support the Government in the enforcement of the DPDPA 2023 compliance by setting up an infrastructure for development of necessary professional eco system to enable audits as required.

The Concept of “Data Audit” is an audit of the “Governance of Technical implementation of law”. It involves legal knowledge, Technical understanding and Managerial acumen.

Governance of Data Includes “Valuation and Monetization of Data”. Hence it is considered that Chartered Accountants as well as Cost Accountants would consider this emerging profession as an extension of their current activities.

AIDAI will therefore attempt to bring together all professionals in Financial Audit, Cost Audit and Governance Audit in  a single platform with auditors involved in Information Security Audits and Privacy Audits by whatever name it is called. Hence professionals in Internal Auditors Association, Company Secretaries Association, Lead auditors of ISO are all invited to join the platform.  The Advisory body may reflect the same.

The launching of AIDAI will following the earlier developments in the industry such as Passing of the law, Notification of the Rules and Establishment of DPB. Significantly this is an industry initiative to support the larger goals of the nation from the MeitY and DPB.

Being an industry initiative, this can pave the way for better compliance and overcome the traditional challenges in enforcement. By promoting “Independence” in audits, AIDAI has the potential of being a watch dog for the implementation of a compliance culture going with the  tag line “Guardians of Data Accountability”.

The “Independent Data Auditors” will conduct Data Compliance Audits for all kinds of Data processors including Data Fiduciaries, Significant Data Fiduciaries and Consent Managers. The rules already specify that significant deviations need to be reported to DPB and AI algorithms need to audited exclusively. These will be conducted  by the Certified Independent Data Auditors who will also sign an “Ethical Professional Declaration” when they become member of this organization.

Now is the time for all professionals to join the Association. The Level 1 membership is “Intent Based” and any professional who is in tune with the objectives of the organization can be a member. Level 2 membership will depend on certain accreditation principles which the institution will fix such  as passing of a Certification or Empanelment test.

Hence I request all professionals interested in being in the Data Auditor community, to join as Level 1 members as soon as the registrations open on 11th April 2026.

Naavi

Naavi will be conducting a special mentor assisted program for CEDPO in April 2026 consisting of recorded videos along with mentor sessions of around 6 hours over weekends.

The recommended four book s will be provided as part of the cost (Courier Charges may be extra for some remote places).

Naavi