In 2018, FDPPI was launched as an organization for the promotion of Privacy and Personal Data Protection culture in India. After covering the foundation ground of certification programs and seminars, one important milestone was the launching of DGPSI or Digital Governance and Protection Standard of India on September 13 2023.
The DGPSI had its own sub-milestones such as the launch of DGPSI-AI and DGPSI-GDPR and will develop as a framework of reference for Data Protection Compliance in India and elsewhere in due course.
Now FDPPI is standing at the cusp of another milestone namely the launch of “Association of Internal Data Auditors of India”. (AIDAI).
Currently AIDAI will function as a division of the parent entity FDPPI and eventually it may be an independent entity by itself.
On 11th April 2026, FDPPI is set to formally dedicate the new entity to the public in a simple function in Bangalore.
The Launch of this new entity recognizes the emergence of the new breed of professionals namely “Independent Data Auditors” in India who are statutorily recognized under DPDPA 2023. They will be the backbone of the DPDPA compliance eco-system in India and are aptly called the “Guardians of Data Accountability”.
“Building Trust through Integrity and Independence” will be the motto of the organization.
The first objective of the organization is
Objectives:
- To serve as a collaborative platform for capacity building, knowledge sharing, and policy advocacy, and to act as an interface between Independent Data Auditors, industry stakeholders, and the Data Protection Board of India.
- To foster a culture of independence, objectivity, and accountability among Data Auditors, ensuring that audits of Significant Data Fiduciaries are conducted with integrity and that material findings are reported without bias or influence.
- To define, develop, and continuously evolve a nationally recognized framework of qualifications, competencies, ethical standards, and audit methodologies for Independent Data Auditors under the Digital Personal Data Protection Act, 2023.
Towards fulfilment of these objectives, the organization will
a) Empanel professionals as Data Auditors at multiple levels.
1. Empanelled Data Auditors Level 1: (EDA-L1) : All interested members who want to join the community
2. Empanelled Data Auditors (Level 2):(EDA-L2) with designated qualifications
b) Conduct in association with FDPPI appropriate Certification Programs CIDA (Certified Independent Data Auditors) with the following modules
-
- Module 1 – Auditor Profession & Ethics
- Module 2 – Audit Principles & Methodology
- Module 3 – Planning & Risk-based Approach
- Module 4- Risk Evaluation and Audit of DF, SDF and Consent Managers)
- Module 5 – Frameworks (ISO + DGPSI Architecture)
- Module 6– Applying DGPSI Variants
- Module 7– Evidence Collection & Control Testing
- Module 8 – Data Trust Score and Audit Reporting
- Module 9 – Mini Audit Simulation
c) Encourage development of tools for audit
In the meantime, FDPPI will focus on Education, Conduct of Certification Examination, Management of Study Centers across the country, Management of Grievance Redressal, advocacy on the law and related practices, Conduct Research, Publish relevant literature, etc. FDPPI will focus with “Implementation Consultancy” and work along with AIDAI for audits.
FDPPI and AIDAI will be like binary stars which will revolve around each other and support each other.
AIDAI will have a separate Advisory Body, Governance body and a CEO.
It is observed that the passage of DPDPA 2023 was a significant milestone which has now been formalized with the passage of the DPDPA Rules setting the time lines for implementation.
Though ITA 2000 and DPDPA 2023 are now applicable laws, the enforcement mechanisms always present a challenge. AIDAI is expected to support the Government in the enforcement of the DPDPA 2023 compliance by setting up an infrastructure for development of necessary professional eco system to enable audits as required.
The Concept of “Data Audit” is an audit of the “Governance of Technical implementation of law”. It involves legal knowledge, Technical understanding and Managerial acumen.
Governance of Data Includes “Valuation and Monetization of Data”. Hence it is considered that Chartered Accountants as well as Cost Accountants would consider this emerging profession as an extension of their current activities.
AIDAI will therefore attempt to bring together all professionals in Financial Audit, Cost Audit and Governance Audit in a single platform with auditors involved in Information Security Audits and Privacy Audits by whatever name it is called. Hence professionals in Internal Auditors Association, Company Secretaries Association, Lead auditors of ISO are all invited to join the platform. The Advisory body may reflect the same.
The launching of AIDAI will following the earlier developments in the industry such as Passing of the law, Notification of the Rules and Establishment of DPB. Significantly this is an industry initiative to support the larger goals of the nation from the MeitY and DPB.
Being an industry initiative, this can pave the way for better compliance and overcome the traditional challenges in enforcement. By promoting “Independence” in audits, AIDAI has the potential of being a watch dog for the implementation of a compliance culture going with the tag line “Guardians of Data Accountability”.
The “Independent Data Auditors” will conduct Data Compliance Audits for all kinds of Data processors including Data Fiduciaries, Significant Data Fiduciaries and Consent Managers. The rules already specify that significant deviations need to be reported to DPB and AI algorithms need to audited exclusively. These will be conducted by the Certified Independent Data Auditors who will also sign an “Ethical Professional Declaration” when they become member of this organization.
Now is the time for all professionals to join the Association. The Level 1 membership is “Intent Based” and any professional who is in tune with the objectives of the organization can be a member. Level 2 membership will depend on certain accreditation principles which the institution will fix such as passing of a Certification or Empanelment test.
Hence I request all professionals interested in being in the Data Auditor community, to join as Level 1 members as soon as the registrations open on 11th April 2026.
Naavi
