In modern Cars we find the “Advanced Driver Assistance System” or ADAS to improve the safety of driving. This includes the alerts on speed or lane discipline maintenance. A similar system of “Advanced DPDPA Assistance System” is represented by the “Independent Data Auditors”, a profession subtly recognized by DPDPA 2023 and identified by FDPPI.
This is the profession of “Independent Data Auditors” (IDA). FDPPI is the first to recognize the need for this profession and taken the effort to nurture this profession by starting a “Association of Independent Data Auditors of India” (AIDAI).
AIDAI was launched formally on 11th April 2026 in a physical function in Bangalore. But for the larger audience, AIDAI is being presented through a town hall meeting today the 27th April 2026 at 7.00 pm. The link for free registration is available here:
The Objective of this meeting is to introduce the nature and potential of this profession and to invite professionals like ISO 27001 lead auditors, Chartered Accountants, Cost Accountants, Company Secretaries etc to join the forum and expand their activities into Data Audit.
AIDAI also has the ambition of adopting “Probationary Independent Auditors” who will undergo a training for a period, work as interns and assistants to other DPOs before getting themselves “Accredited” or “Certified”.
AIDAI is built on the principle of “Vasudaiva Kutumbakam” inviting all professionals in similar areas of specialization to come together on one platform. What may surprise many but comes naturally to FDPPI is that even professionals who are certified by other organizations as DPOs or Chartered Accountants or CMAs are accepted as “Accredited” Independent Data Auditors and empanelled in AIDAI.
AIDAI has plans to conduct an induction program for all newly empanelled IDAs to introduce them to the basics of the profession of IDA some time in June 2026 at Bangalore. (Physical event).
Who is an IDA?
DPDPA 2023 expects a set of professionals who will
“Undertake “An evaluation of the compliance of a Significant Data Fiduciary in accordance with the provisions of the Act”.
The law prescribes that a Significant Data Fiduciary shall appoint an independent data auditor (IDA) to carry out the data audit.
It is the vision of FDPPI that has flagged this statutory role of an “IDA” as a professional who will be the “Guardian of Data Accountability”. Accordingly the new institution AIDAI is born.
Currently a Division of FDPPI, led by a CEO Mr Vijayendra Shenoy who is a veteran Information Security specialist and supported by a Governance Committee
The team at AIDAI will be guided by a group of Advisors who are leaders of their own in the industry. The Group of Advisors which is being finalized will consist of leaders from the related domains such as ISO auditors, DPDPA specialists, Chartered Accountants etc.
Prospects for IDAs
According to Rule no 13, of DPDPA
A Significant Data Fiduciary shall, once in every period of twelve months from the date on which it is notified as such or is included in the class of Data Fiduciaries notified as such, undertake a Data Protection Impact Assessment and an audit to ensure effective observance of the provisions of this Act and the rules made thereunder.
A Significant Data Fiduciary shall cause the person carrying out the Data Protection Impact Assessment and audit to furnish to the Board a report containing significant observations in the Data Protection Impact Assessment and audit.
These are the statutory activities that an “Independent Data Auditor” must perform and is mandatory in respect of a Significant Data Fiduciary.
Though there is still a need for clarity about “Who is a Significant Data Fiduciary” and whether the Government will take the responsibility of “Notifying” a data fiduciary as “Significant Data Fiduciary” or leave it to the judgement of a “Data Fiduciary” to himself determine whether he is a “Significant” data fiduciary or not based on the volume and sensitivity of personal data processed.
The Government cannot know the intricacies of the processing that a data fiduciary is undertaking and hence except defining sensitive sectors like Health Care or Fintech, cannot individually identify data fiduciaries who can be notified as “Significant Data Fiduciaries”. It will therefore be a self determination responsibility of a Data Fiduciary.
In the context of the use of biometrics and AI by most organizations, a large number of data fiduciaries who may not be having high volumes data will still possess “Sensitive personal information” with “Unknown AI Risk”. Hence wise organizations will err on the safe side by self classifying themselves as Significant Data Fiduciaries and take the assistance of Independent Data Auditors to help them keep within the lane and also to alert them from time to time when they tend to take an unacceptable Risk.
The profession which will act as this “Advanced DPDPA Assistance system” (ADAS) is the Independent Data Auditors who will assist the DPOs and guide the management towards the right path.
FDPPI and AIDAI is committed to nurture this profession and make it the key pillar of creating the DPDPA compliance culture in the country. It is indirectly the support structure for “Privacy Protection through Personal Data Protection”.
We invite all interested persons to join the town hall today and come on board this profession of the future.
Naavi
