DGPSI and Data Valuation

Posted on March 16, 2024 by Vijayashankar Na

DGPSI or Data Governance and Protection Standard of India has been adopted as a framework for implementing DPDPA 2023 by FDPPI. (Foundation of Data Protection Professionals in India).

In order to ensure that companies donot neglect the importance of recognizing the value of data, DGPSI marks the need for Data Valuation as a model implementation specification under the framework.

Model implementation number 9 (MIS-9) of DGPSI (Full) framework states

“Organization shall establish an appropriate  policy to recognize the financial value of data and assign a notional financial value to each data set and bring appropriate visibility to the value of personal data assets managed by the organization to the relevant stakeholders”

Also Model Implementation number 13 (MIS-13) states

“Organization shall establish a Policy for Data Monetization in a manner compliant with law.”

These two specifications ensure that DGPSI based implementation will draw the attention of the management  to the need for data valuation though the organizations may decide not to implement the recommendation and exercise their option of risk absorption by not complying with this specification.

The data valuation in the personal data scenario is interesting because the data protection laws affect the data value.

Accordingly if Personal data has no consent or consent is restricted for a given purpose, the value will accordingly get adjusted. Data for which consent is withdrawn or purpose has expired should be depreciated. The accuracy of data also influences the value.

These aspects make Data valuation in personal data context a little more complicated than in a non personal data scenario. More discussions are required in this regard to arrive at a consensus.

The DVSI model recommends a two stage valuation of personal data. In the first stage it requires computation of the  intrinsic value based on normal principles such as cost of acquisition, market value etc but later use a weightage based on a value multiplier index indicated in the following matrix which considers the quality of data including the legal implications.

This is a suggestion which requires further discussion by the professional circles. 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.