Under DGPSI as the framework of Data Governance and Protection for compliance of DPDPA 2023, it is suggested that every organization should ideally be able to recognize a “Financial Value” for its data assets.
DGPSI recommends “Identification of the financial value of a Personal Data Asset and showing it as part of the balance sheet as a below the line item”
-to provide visibility to the importance of Data Governance and Protection in an organization.
-to enable provision of appropriate resources for Data Protection including appropriate compensation to the DPO
Though most organizations have not yet adopted this “Model Implementation Specification”, there is an increasing acceptance that this is a necessity as we go forward.
In this context we can draw attention to the Policy on Data Governance and Data Security issued by the Comptroller and Auditor General of India (CAG). This document tries to define the broad contours of how the CAG intends to pursue the objectives of Data Governance and Data Security in the light of DPDPA 2023. The Policy prescribes a mechanism for oversight and monitoring of our personnel who have been entrusted with the tasks of collectioń, storage analysis and dissemination of personal data.
This is translated into instructions for audit of Public Sector organizations which are bound by DPDPA 2023. This therefore becomes part of the FDPPI’s audit guidelines under DGPSI where applicable.
In its recent “Revised Directions for Statutory Auditors”, CAG has advised the auditors to verify amongst other things
“Whether the Company has identified its data assets and whether it has been valued properly”?
The data auditors under DGPSI framework should therefore take note of this requirement.
Naavi had already released a document “Data Valuation Standard of India” which has been under discussion for some time in select fora. The subject of “Data Valuation” has already been dealt with in the Course on Data Protection in IIM Udaipur as an introduction to the management students. Now the time has come to explore this further.
FDPPI/Naavi is launching a new program for “Certified Independent Auditors” in 2026 and one of the topics that we intend discussing is the “Valuation of Data Assets”. Naavi is developing an approach paper for Valuation of Data Assets as a guidance document under DGPSI and it should be useful in meeting the requirements of Auditors of PSUs under the CAG guideline.
Simultaneously, Naavi under Ujvala Consultants Pvt Ltd would start offering “Data Valuation” as a service. More details about this service would be released in due course.
Naavi
Also Refer:
PursuIT journal edition on Data Protection rom iCISA
Policy on Data Governance and Data Security (IA&AD)
