We have earlier discussed the broad contours of Naavi’s “Personal Data Protection Standard of India” (PDPSI) followed by Ujvala Consultant’s Pvt Ltd. The PDPSI is meant to cover the requirements of Data Protection by Indian Companies exposed to the compliance requirements under PDPA 2018 (as proposed) and encompass the best practices covered under BS10012.
As a refinement of the approach to the standards, it is now decided that PDPSI-0219 will be considered as a subset of DPSI which shall be the standard for Data Protection in general by a Data Processing industry. This should be compliant with the ITA 2000/8 which applies to all kinds of data whether it is Personal or Corporate.
PDPSI itself will be divided into two levels namely Level I which will apply to Personal Data and Level 2 which will apply to Sensitive personal Data. DPSI will apply to Personal Data, Sensitive personal data and corporate data which does not consist of Personal Data.
Further DPSI will have schedules that map PDPSI to different regulations of other countries such as GDPR, CCPA, HIPAA, UK-PDPA etc.
The Data Protection Audit suggested by Naavi would be based on DPSI/PDPSI as the case may be.
The objective of developing these standards is to make the guideline available free of charge to the companies who need to implement data security as against the current system where they need to incur enormous expenses to buy standards even before implementing them.
More information will follow.