DPDPA is here…3: Leadership Awareness

In the last two articles, we discussed how a Compliance oriented organization in India may react to the passing of the DPDPA with the following steps.

Step 1:

Conduct a Board Meeting in which the advent of the new law is taken note of and instructions passed on to a designated person and a high powered committee within the Company to make a Business Impact Assessment and present it to the Board for further action.

Step 2:

We presume that the CISO or an existing DPO if available would be requested to present a report on the first level impact of DPDPA and suggest measures to be initiated in the short, medium and long term to meet the assessed risks. We shall call him the DPDPA Project Manager or DPM.

Now as a third step, we assume the role of the DPDPA Project lead and try to suggest further steps. This process may be an iterative process and there may be discussions with the committee of functional leaders to understand the impact on each of their activities.

For example, the How does DPDPA affect the Marketing division? R & D division? HR Division?, Legal Division? Finance division? etc.

While the first reaction is to develop a questionnaire and send it across to each of them, we must remember that the functional heads might have only heard of DPDPA in the media and may not have in-depth knowledge themselves.

Hence Step 3.1 is to create an awareness about DPDPA amongst the top management through a Discussion. If necessary the DPM may invite an external expert such as FDPPI to take the top management through this process.

One of the easiest ways is to avail the service of “Leadership Awareness Session” available for all Corporate Members as a one time complementary activity. The Company may call this the “Leadership Initiative for DPDPA” (LID).

At the end of the session, the DPM can distribute a questionnaire for each of the funcional heads to reflect and respond. Following this DPM can chart out further action.


About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.