DPDPA Challenge for Banks

We are now 314 days away from the full implementation of DPDPA 2023. From 13th May 2027, Banks like all other organizations will be facing the prospect of the  inquiries from DPB on customer grievances related to “Data Access”, “Data Deletion”, “Processing without Permission” etc.

FDPPI has been providing assistance to organizations to be compliant with DPDPA by developing specific compliance framework under the umbrella of “DGPSI” or Data Governance and Protection Standard of India, Recently the DGPSI-Hospitals, a framework for hospitals was released and is now under Public discussion.

One of the key issues in the Banking segment  is that personal data is collected and used at hundreds of branches while the data may sit in a central server and the DPO may be stationed in the head office without adequate oversight over the branch activities.

Additionally, use of data processors and AI has also increased and needs to be factored in.  Many of the Banks also have exposure to RTI act and POSH act which also cannot be neglected.

RBI has its own regulations on cross border data transfer, data retention and AI usage.

Many of the Banks have been notified under Section 70 of ITA 2000 introducing separate obligations of information security.

Most Banks have hundreds of processes covering multiple products, services.

Hence compliance in a Banking environment is complicated and requires special attention.

Hopefully DGPSI-Banks try to address as many concerns as possible in the Banking sector so that before 13th May 2027, Banks can make substantial progress in the implementation of DPDPA.

Watch out for more discussions on this website while the framework takes shape.

Naavi

Posted in Privacy | Leave a comment

DGPSI-Hospital framework for Public Discussion

FDPPI has developed a DPDPA Compliance framework for hospitals named “DGPSI-Hospital”.

A public consultation will be held virtually next week to discuss the framework with interested persons in the public.

Watch out for the announcement of the time. and link.

Naavi

Posted in Privacy | Leave a comment

Independent Auditor is the new profession being unveiled by FDPPI: Do not miss to attend

REGISTER HERE: 

(Registration fee: Rs 500/-: May be paid here: )

Posted in Privacy | Leave a comment

Madhya Pradesh Proposes new rules for Electronic Evidence

Madhya Pradesh Government has proposed a new Electronic Evidence Rules to make handling of electronic evidence for presentation to the Court easier. The rule is said to have been developed in consultation with MP High Court. It is pending approval and notification by the State.

According to MP Additional Chief Secretary (Home) Sanjay Shukla, the draft rules have been received by the government and are currently under examination. It is reported that similar initiatives are being pursued in several states following the Centre’s recommendations. If approved, Madhya Pradesh could emerge as the country’s first state to formally implement such a framework.

One of the benefits indicated is that mobile phones need not be submitted by people for presenting evidence. The evidence will be uploaded on an application  and will be treated as “Original Evidence”. Upload facility will be provided through E Seva Centers.

It is not clear if with the inclusion of E Seva Centers in the loop, this rule will dilute the  integrity of the evidence and enable manipulation. It is also debatable if this should have been done with an amendment to BSA Section 63 instead of the notification of a rule.

In our view there was no need for depositing the Mobile even now since Mobile is only a container of evidence and not the electronic evidence. This distinction has not been  appreciated by many and perhaps including MP High Court. What Section 63 requires is a faithful copying by a certifier whose integrity is impeachable. If the certifier makes any false certification, he would be liable for perjury.

Second misconception is that an “Expert” is the “Notified Digital Evidence Examiner”. In our view it is not necessary.

We also have some reservation on the power of the State Government to make an amendment of this type. It could have been better addressed by an amendment of BSA 2023 itself.

Integrity of the APP being developed by NIC and the E Seva Centers would be now part of the E Evidence System. How they will  they hold up to pressures of evidence manipulation is another challenge to be addressed.

Let us see how this develops. (Copy of the draft is not available so far)

Refer the article here: at Bhaskarenglish.in

 

Comments are welcome.

Naavi

Also Refer:

Dainik Bhaskar 

Request for Guidelines (Writ by Sidharth Luthra) ..at Supreme Court

 

Posted in Privacy | Leave a comment

Posted in Privacy | Leave a comment

FDPPI–MYRA Partnership Creates a New Benchmark in Professional Certification for Data Protection in India

 

A new era in Certification of professionals in the area of Data Protection has dawned in India with the collaboration of FDPPI with MYRA School of Business.

For the first time in India, a leading professional body in Data Protection is joining hands with an AICTE-approved Business School to create a new model of professional education and certification.

 

The Foundation of Data Protection Professionals in India (FDPPI) and MYRA School of Business, Mysuru, are in the process of formalising a Memorandum of Understanding (MoU) under which professional certification programmes developed by FDPPI will be offered under the joint FDPPI–MYRA brand.

This partnership marks a significant milestone in the evolution of professional education in the field of Data Protection, Privacy, AI Governance and Data Auditing.

A Journey That Began in 2019

When FDPPI launched its professional certification programmes in 2019, the Indian Data Protection ecosystem was still in its infancy.

At that time, most certification programmes available in India revolved around the GDPR. Professionals aspiring to build a career in Privacy largely depended on international certifications or programmes that interpreted Indian requirements through a GDPR lens.

FDPPI took a different path.

It recognised that India required professionals who understood not merely international privacy principles but also the unique legal and technological landscape emerging under the Information Technology Act, 2000 and, subsequently, the Digital Personal Data Protection Act, 2023 (DPDPA).

Over the years, FDPPI developed an India-centric body of knowledge, continuously refining its curriculum to reflect evolving legislation, judicial interpretations, governance practices, and implementation experience.

Competition Has Increased—So Has the Need for Differentiation

As the importance of Data Protection has grown, several organisations have entered the certification space.

After FDPPI introduced its programmes, industry bodies and private training organisations launched their own certifications. Today, there are numerous programmes marketed under titles such as “Certified Data Protection Officer”, “Certified DPO”, “Privacy Professional”, and similar designations.

Healthy competition benefits the profession.

However, it has also created a situation where prospective students often find it difficult to distinguish between a short-duration training programme and a professionally governed certification backed by sustained academic and industry expertise.

Certification should not merely represent attendance at a training programme. It should signify competence, ethical commitment, professional accountability and continuing development.

That is precisely where the FDPPI–MYRA initiative seeks to create a meaningful distinction.

More Than a Training Programme

The proposed FDPPI–MYRA certification framework is not intended to be another entry in an already crowded catalogue of professional courses.

Instead, it represents the coming together of two complementary strengths.

FDPPI contributes:

  • years of specialised expertise in Data Protection, AI Governance and Data Audit;
  • India-specific frameworks such as DGPSI;
  • professional certification standards;
  • industry practitioners and subject matter experts; and
  • an active community of Data Protection professionals.

MYRA School of Business contributes:

  • academic rigour;
  • structured learning methodology;
  • institutional quality assurance;
  • research orientation; and
  • the credibility associated with an AICTE-approved management institution.

Together, the partnership bridges the traditional divide between academia and professional practice.

A New Category of Professional Credential

This collaboration creates something that has been largely absent in India—a certification that carries both professional legitimacy and academic association.

Rather than functioning merely as a training provider, FDPPI brings to the partnership years of experience as a professional standards organisation that has actively contributed to India’s Data Protection ecosystem through publications, conferences, research, governance frameworks and professional networking.

MYRA brings the discipline and credibility of higher education.

The result is a professional credential that combines knowledge, practical implementation capability, governance understanding and ethical responsibility.

Preparing Professionals for Tomorrow

The Data Protection professional of the future cannot be confined to understanding statutory compliance alone.

Modern organisations require professionals capable of navigating an increasingly interconnected landscape involving:

  • Digital Personal Data Protection;
  • AI Governance;
  • Information Security;
  • Cyber Risk;
  • Data Auditing;
  • Corporate Governance;
  • Regulatory Compliance; and
  • Responsible Innovation.

The FDPPI–MYRA collaboration is designed with this future in mind.

The programmes are expected to evolve continuously alongside developments in legislation, technology and industry practice.

Beyond Certification

Professional education does not end with passing an examination.

The objective is to build a community of competent professionals who continue to learn, share experiences and contribute to the growth of India’s Data Protection ecosystem.

The partnership therefore aims not only to offer certifications but also to encourage research, case study development, executive education, industry interaction and thought leadership in emerging domains such as AI Governance and Data Assurance.

Looking Ahead

The proposed MoU represents more than an institutional partnership.

It symbolises the maturation of the Data Protection profession in India.

Professional competence must increasingly be supported by academic rigour. Academic knowledge must equally be informed by practical implementation experience.

The FDPPI–MYRA collaboration seeks to combine both.

As India moves towards full implementation of the Digital Personal Data Protection Act and organisations prepare for an AI-driven digital economy, the need for professionals who possess not only technical knowledge but also governance capability, ethical sensitivity and business understanding will become increasingly important.

The FDPPI–MYRA initiative is intended to prepare such professionals.

The formal announcement of the partnership, along with details of the first jointly branded certification programmes, will be made shortly.

For FDPPI, this is another step in its continuing mission of building India’s own ecosystem of competent, ethical and globally respected Data Protection professionals.

The journey that began in 2019 is now entering its next chapter.

Naavi

Posted in Privacy | Leave a comment