Under the DGPSI system we have now introduced three types of DGPSI, namely DGPSI-Full, DGPSI-Lite and DGPSI-AI. We need to reflect on how these three modules of the compliance system interact with each other. Does DGPSI-Full, as its name indicates, include the other two? Or is each of the three dimensions/avatars a stand-alone system? This is a difficult question to answer.
Let us try to throw some light on this.
DGPSI has been a unique compliance model for DPDPA compliance. It is a framework which maps the requirements of compliance under five responsibility centers, namely:
- Management
- DPO
- Legal
- HR
- IT
This is a Governance layer for compliance and reflects the Governance Risk of non-compliance with DPDPA.
On the other hand, DGPSI-Lite is a “Legal layer” which maps the requirements of different sections of DPDPA into a requirement. This should address the Legal Risk of non-compliance with DPDPA.
Compliance with DGPSI-Lite would provide a good policy framework, which can be implemented in the DGPSI-Full implementation.
Now when DGPSI-AI is being introduced, we need to recognize this as a requirement arising on the “Technology Layer” where some of the processing uses “Artificial Intelligence” (AI).
Non-AI factors of implementation are taken care of by DGPSI-Full, but these requirements get augmented with DGPSI-AI because it alters the “Technology Risks”.
The legal risks are met through Governance and Technology, and hence DGPSI and DGPSI-AI become the instruments through which the risks addressed by DGPSI-Lite are mitigated.
Naavi