AIDAI is a unique concept of bringing Chartered Accountants who are today engaged in Financial Audit into the domain of “Independent Data Auditor”. (ID)
The principal role of an IDA is to ensure compliance of DPDPA and this applies to all those who act as Data Auditors for a Significant Data Fiduciary.
Apart from the natural development of “Privacy Auditors” into the role of IDA, AIDAI has envisaged that ISMS auditors such as “Lead Auditors of ISO 27001” also migrate to be IDAs. This also may look a natural transition.
AIDAI has also identified “Advocates” to be part of the IDA community though they may not be proficient in the technology area. This is because there is a huge element of legal compliance associated with DPDPA which require experience as a Legal professional. This relates to the contracts with data processors, Defining the status of an Instrumentality of State or Exemption Status, Management of Grievance Redressal, handling of DPB Inquiries. We hope Bar Council will not have any objections for the Advocates to be part of the IDA community.
[P.S: AIDAI is organizing a special talk on May 23rd to discuss the role of Advocates in AIDAI. (Link for this proposed virtual talk at 11.00 am is here) ]
However AIDAI has called for Chartered Accountants also to be part of the IDA network along with the Cost Accountants and Company Secretaries. May be many of the professionals in this domain are uncertain what is the special role that they have in the Data Audits so that they should consider becoming IDAs along with being what they are now.
However the Data Industry survives on “Data Monetization” which is facing a challenge because of DPDPA. Data Monetization leads to “Data Valuation”. Hence the Data Governance activity of “Profiling of Data Principal” is linked to finding a value to the personal data and the associated observations. These activities are closely linked to the activities of a Chartered Accountant or a Cost Accountant. The Company Secretaries on the other hand are responsible for the Corporate Governance and hence should be interested in participating in the Data Audit as part of their responsibilities. If the compliance is not properly managed or if the Data Monetization is not managed properly, the corporate Governance suffers and hence the Company secretaries have a relevant role in Data Audit.
Hence the CAs, CMAs and ICS professionals are considered part of the AIDAI community and we invite them to join hands.
I am presently uncertain about how the ICAI or ICMAI or ICS will react to their members being part of the IDA community.
AIDAI believes in Vasudaiva Kutumbakam. But will others reciprocate?
I invite the views of these professionals to discuss and debate this collaboration of Privacy Auditors with Advocate, CAs, CMAs, and ICS members.
Naavi
