Buying DPDPA Compliance Software

While the industry is waiting for MeitY to notify the DPDPA Rules and roll out the implementation, MeitY is working overtime to polish the DPDPA Rules in such a manner that the Act does not get challenged in the Supreme Court on the ground that the “Rules are ultra vires the Act”.

As per the Act, though there will be a Data Protection Board (DPB), the role of the DPB could be limited to managing Grievance Redressal for the purpose of implementing the Act, and major policy decisions will remain with MeitY. Hence any utterance from MeitY on DPDPA has the potential of being considered a “Deemed Rule” or “Advisory” and has an impact on compliance. MeitY is therefore trying to take extra care to determine whether Section 44(3) is likely to be the ground on which the implementation of the entire Act could be stayed by a trigger-happy Supreme Court if properly needled by the team of known anti-Government advocates.

In the meantime, many organizations are rightly focussed on “Compliance” and are going ahead with their Gap Assessment and Compliance Implementation activities. Many software developers are also busy rolling out what they consider to be the right solutions for compliance.

The designated or acting DPOs of an organization are confronted with the decision of whether they should go ahead and buy Privacy Compliance software that will help them to “Discover” and “Classify” applicable data, “Issue privacy notices and Obtain Consent”, “Monitor and Manage security of applicable data”, “Identify and Manage potential Data breach”, “Manage special Data Governance situations such as Guardian Consent, or Nomination, Cross Border Data Transfer”, etc.

FDPPI, by its objectives, is committed to empowering the entire “Data Protection Community” in India to usher in a suitable ecosystem where the Data Protection practices adopted by Data Fiduciaries are geared towards compliance.

Towards this objective, FDPPI has developed the DGPSI framework, as well as the C.DPO.DA. certification program.

The certification program empowers professionals, both those who would like to be DPOs and those who want to be Data Auditors. Data Auditors, along with other consultants and educators, may be considered “Compliance Intermediaries”.

To assist the DPOs, Data Auditors and Data Fiduciaries, FDPPI has also developed the DGPSI framework for compliance. DGPSI is therefore a tool to be used by the industry for compliance, and hopefully it addresses all the requirements of compliance, keeping pace with developments in the environment.

After covering the requirements of the Professionals and the Data Fiduciaries, FDPPI has now identified a need to assist the “Software Intermediaries” and enable them to align their products with the requirements of DPDPA Compliance.

To enable this, FDPPI has introduced the new “Special Associate Membership” program, under which software developers are provided support for fine tuning their products as well as for showcasing their products for Data Fiduciaries to consider.

The “Fine Tuning Support” would be provided only to those entities which seek such advice. “Show Casing Support” is merely passive support, where the Product/Service providers are given a Promotion Page on the FDPPI website which can work as a Landing Page for their products.

FDPPI considers it its duty to assist all segments of the Data Protection ecosystem including the Professionals, Data Fiduciaries, Compliance, Intermediaries for Compliance, Software and Data Processing. Accordingly, it is developing its services for each of these segments.

The latest initiative, the “Special Associate Membership” program or SAM program, is intended to enrol the community of software intermediaries and provide them some assistance in reaching out to the Data Fiduciaries.

“Reaching out to Data Fiduciaries” requires a platform to showcase the available software services, both on the website and at the events where FDPPI is able to get professionals to congregate, such as the IDPS type of events.

Additionally, those who request it may be provided with services for fine tuning the software to meet compliance requirements, so that their software products may be considered “DPDPA Compliant”.

It is the desire of FDPPI that “FDPPI Certified DGPSI/DPDPA Compliant Software” should be a value add to the community, and we shall put in efforts in this direction.

Next time you consider buying Privacy Compliance software, ask the vendor the question: Is the software FDPPI Certified for DPDPA compliance?

Even if the software is not “Certified”, if it is under evaluation or receiving fine tuning assistance from FDPPI, the buying decision would be partially protected from the risks of non-compliance.

Naavi

P.S.: We are aware that we can take horses to the water but cannot make them drink. We therefore wait for the industry to understand the value of the FDPPI service and use it if they consider it useful.

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.