The concept of “Data Protection” has gained a larger than life importance in India in recent days with the advent of GDPR, impending advent of Indian Data Protection Act and the DISHA2018. Though GDPR is not directly applicable in India, being a country with a large stake in data processing, most IT companies in India have been working towards GDPR compliance as if it is directly applicable to them. A few of these companies have already designated Data Protection Officers (DPO) under GDPR though they had earlier ignored creation of an “ITA 2008 compliance officer” as was mandatory under ITA 2000/8 which is the current Data Protection Law in India.
If we observe the developments around the world, each country seem to be drafting a law called “Data Protection Law” or “Privacy Protection Law” which is supplementing the “Computer Abuse Act” or “Computer Crime Act” and other legislation which were meant earlier to address the issue of “Cyber Crime”.
Now if “Breach of Privacy” is declared as an “Offence” under the current Cyber Crime legislation, it would have been sufficient to address the issue of preventing breach of privacy through information misuse. However, the current tendency is to draft Data Protection laws which are elaborate and completely eclipse the current Cyber Crime laws, create multitude of regulatory authorities.
Since a Data Processing company in India would deal with business from multiple countries, they need to grapple with the data protection laws of multiple countries and this creates a complex business management issue.
In the midst of these complexities, professionals who are designated as DPOs or otherwise handle compliance responsibilities will shoulder fiduciary responsibilities and are expected to protect the interests of the Privacy Protection of individuals while working within the business organizations which have a legitimate interest in harnessing the personal data of the same individuals.
Hence all DPOs will have an inherent conflict of interest to manage the human right aspect of the individual with the commercial interests of the organization.
Wading through the maze of these laws require a continuous self education. In the process of such self education, nothing works better than “Peer to Peer exchange of thoughts”.
Recognizing the need for such a P2P platform for Data Protection Professionals, Naavi has proposed the creation of “Indian Association of Data Protection Professionals” (IADPP) as a body of Data Protection Professionals, by Data Protection Professionals and for Data Protection Professionals.
The concept is in its preliminary stage and is being expressed in detail through www.iadpp.in .
It is envisaged that Naavi will be a catalyst in the process of creation of this organization and it will be democratically managed by the members. There will be no commercial interest of Naavi in the management of this organization.
I invite all professionals who are directly or indirectly involved in “Data Protection” to participate in the creation of this body.
Kindly peruse www.iadpp.in for more information which will be updated there. Since Naavi is located in Bangalore, initial activities will be centered in Bangalore but it is desired that this will soon extend across India.
Please provide your honest feedback and contribute to take this idea forward.