Naavi.org was started (first as naavi.com) way back in 1998 with the objective of contributing towards “Building a Responsible Cyber Society”. In the process it continued to contribute towards “Developing Cyber Jurisprudence” by promoting independent interpretation of different aspects of Cyber Law such as the Electronic evidentiary aspects ingrained in the Section 65B concept of Indian evidence Act.
Time has now come for Naavi.org to extend this service to the Cyber Community in India with contributions towards the development of the Data Protection Eco system on the lines that will be beneficial to the Citizens who are looking forward to Data Protection as a means of Privacy protection, without destroying either the development of the industry or neglecting the needs of the Government.
We believe in co-existence and do not believe that “Privacy” is an objective to be reached at any cost sacrificing the need for coexistence with Security of the nation and the growth of the industry. Naavi believes that the Supreme Court means the same when it held that Privacy is a fundamental right subject to reasonable restrictions.
We therefore reject many of the criticisms of the law stating that PDPA as it is envisaged now will create an Orwellian State or that data localization will harm the industry.
Naavi.org along with the associate activities of Naavi such as Cyber Law College will therefore now focus on how to ensure that the proposed Data Protection law in India will roll out in the implementation stage achieving the delicate balance between Privacy, National Security and Industrial growth.
In this direction, Cyber Law College of Naavi conceived and implemented the first of the Certification programs creating awareness of data protection law in India in association with the Foundation of Data Protection Professionals in India (FDPPI).
FDPPI has now become the pioneer in India for development of skills required for being an efficient Data Protection Officer in India. FDPPI’s “Certified Data Protection Officer” program has already been rolled out with the first batch of the first module of the program having been completed on 23rd February 2020.
FDPPI’s program for development of skilled DPOs in India, is conceived with the vision of developing an alround DPO personality which includes “Knowledge with Attitude and Commitment”.
“Data Protection” is not simply understanding the clauses of the PDPA. Being aware of the law is only the knowledge part. The attitude part covers preparing the DPO to tackle challenges on three fronts namely being answerable to his boss within the organization which pays him the salary, the DPA which has a duty to protect the Privacy of Indian individuals and the Data Principals who look at the DPO as the custodian of their Privacy Rights.
While most of the international certification programs end with the testing of knowledge of the law, FDPPI’s program as of now recognizes this as only different modules of the development of the awareness about the law.
The Module 1 (or Module-I) which was completed recently, covered the knowledge level of Indian law as at the present level along with a comparison with GDPR which is the other globally known law.
The future modules envisaged are
Module 2: (Module I+)
More on Indian law when the law is passed into an Act, a DPA is appointed and the DPA issues some basic regulatory guidelines. This program will be only undertaken after the required developments take place. Hence we need to wait for some time to roll out this module. (Eventually, Module I and I+ would be merged into one)
Module 3: (Module T)
This module will cover the technology related knowledge essential for an efficient DPO. This will cover the technologies required for compliance and will also discuss the challenges to data protection arising out of the new technologies particularly in the field of AI, Big Data, Encryption etc.
Module 4: (Module B)
This module will cover the behavioural aspects related to an efficient DPO. This will cover interpersonal relationship skills including Leadership, Decision Making, Motivation, Team Building, Counselling, Conflict resolution etc.
Module 5: (Module G):
This module will cover a study of at least 5 international data protection laws including an in-depth study of GDPR and Data Protection Laws applicable to USA along with some other relevant laws such as Singapore, Australia as well as one optional country. This would be more an extension of the “awareness of law” from the Indian laws covered in Modules I and I+ to the global scenario
Module 6: (Module A)
This module will cover the skill requirements of a “Data Auditor” and follows the modules I, I+,T and B. This will encompass the system audit, information security audit and focus more on the harm audit, the DPIA and the annual data audit requirement under the law.
It is expected that in due course I and I+ will be merged into one and the other modules such as T, B, A and G will remain independent.
FDPPI has rolled out this plan of action and Naavi’s Cyber Law College will initially implement many of these modules as if it is an in-house implementation agency of these ideas. The objective is that when the Indian DPA is looking out for professional help for itself in designing the codes and practices and the conscientious industry players are getting ready in advance to be compliant before it is Compulsory, there will be a helping hand nearby with trained DPOs and Data Auditors.
At the same time, FDPPI wants to extend the partnership opportunities to other professional organizations who may have expertise in specific areas suitable for the different modules. They will work on a non exclusive basis to design and implement the training programs under these different modules. Some of the partners could work with regional focus and some could work pan India. Cyber Law College will assist this effort by gradually moving out of training responsibilities to the responsibility of coordinating the evaluation aspects involved in the Certification.
It is time therefore for interested organizations to come together and support FDPPI in its endeavor to build a Knowledgeable, Efficient and Ethical eco-system for the Data Protection industry in India. On behalf of FDPPI, I urge organizations and individuals interested in being the training partners for the FDPPI Certified Data Protection Officer program to get in touch with FDPPI at the earliest.