FDPPI (Foundation of Data Protection Professionals in India) is an organization dedicated to the empowerment of the Data Processing community in India.
The four dimensions in which FDPPI is working today are
a) Knowledge enhancement
b) Implementation Support
c) Advisory Services
d) Dispute Resolution
FDPPI started its Certification Courses in end 2019 with a Certification Course covering Privacy and Personal Data Protection Laws in India (Module I). It then introduced a Certification Course covering the Privacy and Personal Data Protection laws at global level by covering GDPR of the EU region, CCPA and HIPAA of the US region along with Singapore PDPA, Dubai DIFC DPL, and Brazil LGPD. (Module G). Towards the beginning of 2021, FDPPI also completed the Certification of Data Audit skills with special focus on the unique PDPSI (Personal Data Protection Standard of India) framework.
Recently FDPPI has embarked on two important activities to provide advisory services. The first was to set up a Data Protection Emergency Response Team (DPERT) which will not only track the data protection incidents world over, but also provide quick guidance to organizations confronting suspected or confirmed data breach incidents. The second initiative is the development of a “Personal Data Protection Guidance Board” (PGPDP) consisting of experts who can develop “Codes Of Practice” for personal data protection.
The PDP-GB is an ambitious project of FDPPI which should help the community to start adoption of a “Self Regulatory Best Practice Code” without waiting for the Government to pass the Bill and make compliance mandatory. Indian corporate world has an unsavory reputation that unless some thing is made mandatory, they would not be interested in compliance. Once the PDPB 2019 is passed into an Act, compliance would become mandatory and non compliance expensive. But until then Compliance is still under ITA 2000, mandatory but with low prospect of punishment for non compliance. FDPPI would however wish that the Indian Corporates would prove the sceptics wrong and start adopting the principles of PDPB 2019 as the due diligence under ITA 2000/8 and be compliant before the mandatory provisions kick in.
PDPGB is therefore likely to be a significant contributor to the development of a self regulated Data Processing industry in India.
Both DPERT and PDPGB are recent initiatives which are under development.
The fourth dimension of FDPPI is when disputes arise in the compliance environment and we need to provide dispute resolution support. Such disputes could be between a Data Fiduciary, a Data Processor and a sub contractor or between a Data Principal and the Data Fiduciary.
The Data Principal-Data Fiduciary dispute comes under the powers of adjudication and Appellate Tribunal under PDPB 2019 and hence DDMAC role may be limited in this context to Mediation. But in other cases it may provide arbitration support. Additionally DDMAC would also provide e-Ombudsman services to companies on request.
Under these four different dimensions, FDPPI will be working to serve the PDP community in India in different ways. To support these initiatives, FDPPI also undertakes other ancillary services as may be necessary.
FDPPI is today an aggregation of nearly 200 professionals who work in the space of Privacy, Data Protection and Information Security. As we grow, attempts are being to formalize the operations but it would take some time for FDPPI to come out of its “Start Up” phase and get fully established.
I take this opportunity to invite once again all the professionals who are interested in contributing to the cause of Privacy and Data Protection to join hands with FDPPI and take it forward.