At a time when BIS is considering re-inventing a framework for Compliance for Privacy in India, it is necessary to recognize how the DGPSI framework (Data Governance and Protection Standard of India used by FDPPI) has been thinking ahead of the requirements.
In one of the recent Security Studies in USA released on April 7, 2026, it was found that in the health care sector the security breaches involving third parties increased from 15% to 30%. This highlights the need for securing data processed by Data Fiduciaries with the assistance of Data Processors.
If you are a Data Fiduciary, you would therefore think of choosing a Data Processor who empathizes with your exposure to DPDPA liabilities and responds with empathy.
It is in this context that DGPSI developed a framework called DGPSI-DP meant for voluntary adoption of a compliance framework by Data Processors.
The normal response of sceptics could be…
“Even the Data Fiduciaries have not adopted compliance, where is the need for Data Processors who have no liability under DPDPA to adopt a compliance framework?”
It is certainly a valid question given the priorities of organizations. But wise corporate managers will realize that it is always better to go with a Data Processor who understands our problems better and has shown an inclination to be DPDPA Compliant even before it is considered mandatory by the law.
Developing an army of such “Trusted Data Processors” is the objective of the framework DGPSI-DP.
A brief view of the framework is already available here:
One can also view the detailed presentation of Naavi made to an open house.
It is time industry recognizes that “What FDPPI thinks today, is what others think day after tomorrow”
We hope BIS recognizes the futility of re-inventing the wheel by working on a new Privacy Framework from the beginning rather than adopting DGPSI.
Naavi
