Naavi.org

This is in continuation of my response to the question raised by a professional on why anybody should chose FDPPI Certification instead of other certifications available at a  lesser cost.

Naavi’s views on the commoditization of ” CDPO” as a  tag that can be acquired just by registering for an online webinar.

Being a “CDPO” does not end with only knowing DPDPA 2023. It should try to equip the professional the ability to take the responsibility of being a DPO.

We observe that there is a proliferation of “CDPO” courses to take advantage of the rush in demand for professionals to be “Certified as CDPO”.

While it is good that there are many organizations who are into the providing education related to Data Protection, just as it has happened in the ISO certification game, “CDPO” certificates have become a commodity on sale or close to being so.

This should stop.

If anybody can register themselves for a webinar and be called “Certified” DPO, it would dilute the quality of other DPOs who with years of experience and hours of effort try to understand the application of the law into the technical environment in a systematic manner.

There are three elements of being a good DPO. First they should understand the law. Second they should understand how technical architecture has to be re-built to meet the legal requirements. Third, there should be a handbook for guidance of how to meet the requirements.

Lastly, “Participation” in a program is necessary but not sufficient to consider a person “Certified”.

FDPPI therefore provides “participation Certificates” different from the final “Certificate” which is issued only after a successful completion of an examination. “Evaluation based certificates” are different from “Participation Certificates”, both of which have their values but Evaluation based certificates are distinctly superior to Participation certificates.

FDPPI does not end its Certification training with classes on DPDPA 2023 only but discusses the technical challenges and extends it with a “Framework” as a guideline. The “Framework of FDPPI” for DPDPA Compliance is DGPSI which is available as an open source framework both in “Lite” version as well as “Full Version” with an extension for AI Deployment.

At present there is no  other training program that discusses a DPDPA Compliance framework along with the DPDPA law and Implementation challenges.

We want professionals who are aiming to acquire “Knowledge and Skills” donot fall into the trap of picking up “Webinar Participation Certificates” and call themselves “Certified”.

I hope organizations who recruit DPDPA Trained professionals distinguish the two kinds of certificates and ask “Where were you Certified and How?” before accepting any body as a “Certified DPO”.

FDPPI’s C.DPO.DA. program is conducted in offline and online modes from time to time. The next program is being conducted online on December 20 and 21. for which registrations are now open. 

Fees for early birds upto 12th is Rs 25000/-. Subsequently it will be Rs 29500/- with GST.

It is a comprehensive program which covers the law, the technology challenges as well as the implementation framework. The 12 hour online session is supplemented with another 12 hours and 43 minutes of recorded videos which include GDPR coverage in detail. Reading material and recommended books make the kit of the “Certified” professional complete.

The C.DPO.DA. participants get 12 hours of CPE credit and a participation certificate which is different from the final certificate which is issued to those who pass a three hour online examination.

Yes..it is tough to be a C.DPO.DA. from FDPPI but we want “Certificates” to be earned.

All participants of the FDPPI course also get one year complimentary membership of FDPPI for continued interaction with likeminded professionals. This will enable the  participants to continue to be under mentorship of FDPPI/Naavi when they have to implement their acquired knowledge in practice.

So, think before you chose how you are to be “Certified” as DPO.

I hope my friend who asked the question “Why FDPPI” is satisfied.

Any other comment is welcome.

Naavi

The Indigo fiasco is a good education for all organizations and the MeitY regarding DPDPA Compliance  deadline which comes on 13th May 2027.

The problem of INDIGO was directly related to their stubborn attitude to refuse regulatory compliance  and challenging the Government much the same way as Meta, Amazon or Google or X would like to do for the implementation deadline under DPDPA.

Given the fact that  Indigo refused to make arrangements for compliance even though 2 years was available for planning and implementation and tried to stall the implementation with Court cases, the Ministry was unable to foresee the game plan and even now is struggling to force Indigo to take corrective action.

Since there was prima facie evidence of deliberate negligence as claimed by the pilots, there was a case for criminal action against the CEO of the company who should have been arrested immediately (Could have been released on bail to initiate further action after which the case could have been withdrawn). But the Ministry of Civil Aviation was not strong enough to do it.

In the DPDPA case also, though 2 years is available, many of the organizations could raise objections in the court a few months before the deadline and force the Government to extend the due date. There is no guarantee that MeitY will be more committed than the Ministry of Civil Aviation in enforcing compliance.

Hence it is necessary for DPB to keep following how the major companies are moving towards compliance in the interim period from now to next 17 months and push organizations to show their preparations.

The SEBI should indicate  that under Clause 49 declaration, every listed company should declare the “DPDPA Non Compliance Risk” in their annual reports. Those companies who donot come under such listed companies must be pushed by the sectoral regulators to file an Action Taken Report for DPDPA Compliance every quarter from now onwards.

Share holders of companies should also raise this issue in AGMs. Media should try to track the implementation efforts independently so that we donot see a crisis on May 13, 2027 when a company may say “I am not compliant and will cause disturbance in the society if I am forced.”

Hope Meity and DPB will take appropriate Technical and Governance measures to ensure Compliance by the specified date.

FDPPI has a “Privacy Watch” page where public can report any of their observations on apparent violations so that a record can be kept of any deliberate challenge being mounted on the Government rejecting the compliance requirements.

Naavi

After the announcement of the next Virtual training program for C.DPO.DA. by Naavi/FDPPI from 20th December 2025, a query was received from a well known professional on

“Why anybody should chose to take this course when other courses which are also called “CDPO” are available at a lesser cost”.

Well it is good that options are available and it is the prerogative of any person to chose any option based on the cost or any other factor.

We can only say that a course should be evaluated on the basis of

1. Who is the faculty?
2. What is the coverage?..Is it India oriented?
3. What is the mode of delivery? …Virtual or Physical?
4. What is the content  presentation mode…lecture, discussions, case studies.. etc
5. Whether there would be an evidence of going through the course?..by way of participation certificate?
6. Whether there  would be an evidence of absorbing the contents of the course?..by way of a certificate after evaluation?
7. Whether the certificate is issued from an organization of repute?
8. Whether the organization issuing the certificate has a pedigree in the respective domain?
9. What kind of support reading material would be available?
10. Is there a CPE credit available?
11. Any other benefits?
12. Cost

If possible  you can give  1-10 for each of the above parameters add weightage to the different parameters and arrive at a net score and then compare  it  with the cost.

It is better if some of the participants  themselves make such an evaluation and give us a feedback.

Enclosed is a feedback sheet that you can use to evaluate a course. 

You can also use this Google form  and provide a feedback

Naavi

It is proposed that  Naavi’s Cyber Law College will be conducting a two day online education program on DPDPA in preparation for the Certificate exam of FDPPI for C.DPO.DA.

The Program  will be conducted on December 20th and 21st as a faculty led virtual program.

Time: 10.00 am to 5.00 pm with breaks at 11-15-11.30, 1.00 to 2.00 pm and 3.5 to 3.30 pm.

Coverage

Day 1:

Legal nuances of DPDPA and the DPDPA  Rules
Classification of DPDPA protected Data (DPD)
ROPA as a strategic tool of Compliance
Technical challenges of Management of Legal Basis for processing and Rights of Data  Principal

Day 2:
Governance  Structuring for meeting the obligations under DPDPA by a Data Fiduciary
The Roles of DPO and Data Auditor in the DPDPA era
Use of DGPSI as a Compliance Management framework
AI and its challenges in meeting the obligations with DGPSI AI
Comparison of DGPSI with ISO 27701

Fees Rs 29500/- including all taxes . This includes fees for examination (One attempt). Subsequent attempts Rs 5000/-
Early bird discount: Rs 4500/- (Net price Rs 25000/-)..Applicable till 12th December 2025

Sessions will be conducted with several discussions on case studies.

 Interested persons can register at https://fdppi.in/wp/c-dpo-da/

Naavi

It appears that Perplexity ai platform has been bought over by Google…unless Google is blatantly violating trademark law and NIXI  is ignoring the violation and GoDaddy is assisting the violation.

For the last few days it has been observed that the domain name www.perplexity.in redirects automatically to https://gemini.google.com/app.

This situation can arise only if Gemini/Google has registered the domain name perplexity.in or the domain name server of ICANN has been poisoned.

Since Perplexity is a well known brand name and it is a competitor to Gemini.ai, there is a clear trade mark violation unless Perplexity has willingly allowed Gemini to take over the domain name.

We checked the who-is information of the domain name which  unfortunately is registered with  Godaddy with a privacy protection mechanism that hides the information about the owners of the domain name. The obvious reason is “Privacy”.

As we have repeatedly pointed out, there is no “Personal Privacy” that can be an excuse to the domain registration since the registration is for business and there is no “Personal Privacy” either in India or US.

Now Privacy protection is the domain of DPDPA and Meity needs to re-visit  the practice of domain name registrars to redact registrant details of domains using “Privacy” as an excuse. Domain name  registration is for hosting electronic documents for public view and hence the registrant information must be considered as “Public”.

I also request  one of the public  spirited lawyers to take up this issue with a Court and get a direction that domain name registrants should not redact the registrant information and make the legal address of the registrant available for public to raise any dispute if required.

Assuming that Google is unlikely to so brazenly violate the IPR law, the presumption is that Perplexity has been sold out and any data shared with  Perplexity may now be under access of Google. This disclosure is a mandatory requirement for Perplexity without which they will be in violation of DPDPA.

Comments are welcome.

Naavi