In our earlier article we had raised a term “Concurrent Compliance” as one of the goals of PDPSI. This was a new term coined after the more often used term namely “Concurrent Auditing”. In PDPB 2019, apart from the mandatory annual data audit by an external data auditor, Significant Data Fiduciaries were required to conduct “Concurrent Audits”.
Essentially, “Concurrent Audit” means that the organization maintains an ongoing supervision on its activities (in this instance compliance to data protection law) and not an intermittent audit conducted from time to time.
This means that if there are 50 principles of Digital Personal Data Protection Audit, which an external auditor would check once a year, the management has to keep checking these 50 parameters every day and every moment.
If DPIA is conducted as and when a new process is being contemplated, Concurrent audit should monitor DPIA on a daily basis identifying the changes that might occur in its data processing such as a new employee coming in, an existing employee exiting. or when new technology devices are purchased or sold.
Hence Concurrent Audit envisages an integrated system where relevant parameters are monitored on an ongoing basis and a dashboard is available for the management to follow. It is accepted that this is a complex challenge when the business parameters are continuously change. But organizations can work on setting up such systems initially at a higher level and later fine tune it as needed.
Under PDPSI, we are trying to use the online DTS system which we developed some time back as a tool for this Concurrent Auditing. The DTS system is a system which tries to assess the compliance of an organization to a given data protection law over 50 different Model Implementation Specifications (MIS). This was developed to assist the Data Auditor who makes an annual assessment. The same system can be also used by the management by creating a dashboard where DTS is being continuously monitored and fine-tuned.
Presently, we had introduced the online DTS system for PDPB 2019/DPA 2021 and GDPR and presented it on Ujvala.com website. This will now be suitably automated to generate the DTS on a continuing basis. As and when an external auditor makes an assessment, the self-assessed DTS would be modified to reflect the audited DTS. This will enable the synchronization of the internal approach managed by the DPO with the external auditor’s approach and both would learn by mutual exchange of views during the audit.
Await more information to be released on this service….