An Indian DPO often works in an environment where the organization encounters both personal data coming under the jurisdiction of DPDPA as well as under GDPR.
DGPSI recommends that data is classified with a “Jurisdiction Tag” so that data to which DPDPA is applicable is separated from data to which GDPR (or any other country’s law is applicable).
Once this segregation is done, we will have different data buckets one for each jurisdiction making application of controls easy.
While compliance for DPDPA is recommended to be built under the DGPSI-Full (with DGPSI-AI) or DGPSI-Lite frameworks, the bucket of GDPR data needs to be covered only under GDPR. Currently one framework option for this purpose is ISO 27701:2025.
However, DGPSI which is basically a principle based framework is itself capable of being extended to meet the compliance requirements under GDPR.
To help professionals in being GDPR compliant along with DPDPA compliance, DGPSI has now been expanded to DGPSI-GDPR. It is still a 50 specification framework and includes some AI aspects also. Some of the specifications in the current version have been combined to keep the specification number count to 50.
This DGPSI-GDPR therefore becomes a “Made in India for the EU” framework which we recommend Indian companies to get certified from DGPSI auditors along with DTS maturity assessments.
The framework is being refined and will soon become a DPDPA-GDPR combo offer for implementation for companies who are Data Fiduciaries under DPDPA and Data Controller/Data Processor under GDPR. The first version of this framework will be discussed in the forthcoming C.DPO.DA. Certification program (Virtual) on December 20/21.
(P.S: The program will also discuss Digital Omnibus Proposal of November 19 and proposed GDPR Amendments. )
Interested persons may rush to register themselves asap. (The Early bird discount expires today.)
