The Nature of Business Requirement Document released by Meity for Consent Management

Medianama, a well known website has commented on the Business Requirement Document (BRD) released by MeitY with the following caption.

“MeitY Explains How an Ideal Consent Management System Should Work Under DPDPA”

The perception has been that MeitY has actually released a guideline in extension of the DPDPA Rules on the Consent Management System more particularly for the Consent Managers.

We should however point out that this is a mis conception. The NeGD under MeitY has actually released this document to support a “Code Development Challenge” that it has floated for developing an open source recommendation for Data Fiduciaries.

“Consent Managers” who register themselves with DPB are also data fiduciaries but their requirement goes beyond managing the consent. They are an intermediary with multiple Data Fiduciaries whose services are used by data principals.

Further the BRD is a generic platform which requires to be customized by different data fiduciaries.

It is necessary to clarify the purpose of this document as otherwise there would be a difficulty for Data Fiduciaries who may think this is the final guideline from the Ministry.

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.