The launch of DGPSI-GDPR is not just another event. It is a symbol of Indian Data Protection eco system coming of age not only to be compliant with DPDPA 2023 but also provide the guidance to the compliance of other data protection laws such as GDPR. The work has started and with the cooperation of the community we will have a framework that is acceptable as a good guidance to all companies firstly in India.
DGPSI (Digital Governance and Protection Standard of India) was developed as a guidance framework for compliance of DPDPA. It is a useful framework today for implementation of the DPDPA 2023 in an organization as well as for audit and assessment.
In India we also have many organizations who process data from outside India and most of them so far treated GDPR as the standard for Data Privacy Compliance. With the coming of ISO 27701:2025, the GDPR Compliance through ISO 27701:2025 as an independent certifiable framework also received a boost.
In this context, most organizations in India are confronted with the need to look at two compliance drives one for DPDPA and another for GDPR.
While some would like to adapt GDPR compliance to DPDPA compliance and use ISO 27701:2025 (modified for India), an alternative is to use DGPSI and adapt it to GDPR compliance.
To facilitate this use of a Made in India framework for compliance of GDPR, DGPSI has now been extended with a DGPSI-GDPR version. This uses the 50 Model implementation specifications of DGPSI with subtle changes to be capable of meeting the GDPR requirements.
This is a a game changer in the domain of Data Protection Compliance in India and a transition point where DGPSI becomes the source framework from which compliance of Data Protection laws of other countries can be carved out.
Currently, FDPPI is working on a draft version of the DGPSI-GDPR version and the Certified Data Auditors of FDPPI will be trained to use the version for GDPR compliance as may be required.
Under DPDPA, data processing activities where process foreigner’s data under a contract are exempted from DPDPA. Such activities involving EU data are now capable of being implemented and audited using DGPSI-GDPR. It is one of the requirements of DGPSI that personal data is classified on the basis of applicable jurisdiction and hence even where the data is currently mixed up, they need to be segregated and a virtual GDPR processing division has to be created. Such virtual division can now use DGPSI-GDPR as the framework for compliance.
Can an India framework take on the compliance of Global Data Protection Compliance? …will be a question in the minds of many data protection professionals.
Let us make it happen. FDPPI invites all data protection professionals in India to put in their efforts to develop the DGPSI family of frameworks to expand and provide guidance to the compliance of GDPR as well as other data protection laws in due course.
Naavi
