Ujvala to pioneer Algorithmic Transparency Audit as required under DPA 2021

One of the new requirements that has been brought into the Data Protection Audit in India through the DPA 2021 is the need for “Algorithmic Transparency”. Additionally all devices both software and hardware,  that process data needs to carry a security certification from an accredited lab.

The Data Protection Standard of India (DPSI) has been suitably modified to incorporate these requirements.

At the same time, the DPIA and Harm Audit concepts need to be upgraded to include the audit against any possible “Bias” of an automated decision making involved in data processing.

In order to provide a service for third party “Bias Audit”, Ujvala is developing a new line of activity for “Independent third party Bias Audit” of algorithms as may be considered adequate under DPA 2021.

This audit would not be at the Code level and therefore does not involve any IPR risks.

Ujvala is in the process of finalizing technology partners for this line of activity.


Posted in Uncategorized | Leave a comment

Ujvala Data Governance Consortium

Ujvala Consultants has created a virtual subsidiary named Ujvala Data Governance Consortium (UDGC) with effect from 1st August 2021. It will undertake projects related to Data Protection Audit as a group of professionals.

UDGC will be a division of Ujvala Consultants Pvt Ltd.

Posted in Uncategorized | Leave a comment

PDPSI Audits

Ujvala Consultants is one of the Certification bodies licensed by FDPPI for conducting assessments, audit and DTS (Data Trust Score) evaluations under PDPSI system.

PDPSI assessment is based on the Standard and Implementation specifications provided under the PDPSI framework.

PDPSI consists of 12 standards and 50 Model Implementation specifications. (MIS). The DTS evaluation is based on an assessment of an auditor on the effective implementation of these implementation specifications.

The Audit is based on the Implementation Charter developed based on a Gap Assessment based on the Model Implementation Specifications (MIS) but modified by the Management based on their Risk Strategy of Mitigation. The Risk Mitigation Strategy takes into account the organization’s preference for Risk Avoidance, Risk Absorption and Risk Transfer and the resultant modified set of Implementation Specifications is considered as the “Adopted Implementation Specifications”.(AIS)  The logic for modifying the MIS into AIS is recorded in the “Deviation Justification Document” signed off by the management.

The Audit is conducted based on the AIS of the Implementation Charter resulting in “Satisfactory” or ” Requires Improvement” comment. All audits will be accompanied by an allotted DTS score.

The Certificate is issued by Ujvala and copy filed with FDPPI. It is part of the PDPSI system that at the end of the audit, the auditee organization will file a “PDPSI Auditee Feedback” and send it directly to FDPPI. The feedback will also consist of a permission to opt in for disclosure of DTS.

Currently, Naavi and Ramesh Venkataraman are the Certified Lead Auditors for Ujvala, for the purpose of PDPSI audits.


Posted in Uncategorized | Leave a comment

Digital Media Compliance Guidance Center

With the notification of the new Intermediary Guidelines 2021 (Information Technology [Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021] notified on 25th February 2021, the Digital Publication scenario in India has changed substantially.

It will take some time for the full impact of this Surgical strike by the joint operations of the Ministries of IT and I&B to sink in to the industry.

The changes will affect all the large Intermediaries like Twitter, FaceBook, YouTube, WhatsApp, Telegram etc., the emerging Indian companies like Koo, Tooter, Arattai, as well as a number of YouTube Channels such as Shekar Gupta’s Channel , The News Minute  or other similar channels. The OTT Channels such as HotStar, ZeeTV, JioTV etc will all be coming within the provisions of the guidelines.

The compliance requirements in principle applies to any digital publication which has News content and therefore applicable to many blogs though by virtue of a smaller exposure they may not be coming directly under the definition of the “Significant Social Media Intermediary” or a “Publisher”.

The compliance requirements are not simple and will also need to incorporate a Grievance Redressal Mechanism.

Naavi has been operating the ODRGLOBAL.IN which is an online grievance redressal system and is ideally suited to be adopted for the requirements of this type. Naavi has also been engaged in ITA 2008 compliance as well as Personal Data Protection Compliance (GDPR, Indian PDPA etc).

Recognizing the needs of the Digital Media Publishers, Naavi has launched a new service namely “Digital Media Compliance Guidance Center” (DMCGC).

DMCGC will provide compliance consultancy to enable organizations maintaining news websites and news apps to maintain compliance as envisaged under the rules.

Non Compliance of the Intermediary guidelines would be like exposing the media organization to a volley of AK 47 bullets without as much of even a shirt to wear on, let alone a bullet proof vest.

The service would be provided through Ujvala Consultants Private Limited the Techno Legal compliance consultancy company.

Interested persons may contact Naavi through e-mail


Posted in Uncategorized | Leave a comment

GDPR Compliance.. A Better Tool at a more Economical Cost

When GDPR came into existence, it created a stir in the Corporate markets all over the world including India. The immediate concern was that the administrative fines under GDPR could go upot 4% of the global turnover of an organization which is considered a “Data Controller”. Additionally the applicability of GDPR was extended to organizations outside EU region if they were directing their business to the Data Subjects in EU or were profiling the activities of individuals in EU. Hence companies in India were concerned about non compliance of GDPR.

Since 25th May 2018 when GDPR came into effect there is a better understanding of the applicability of GDPR and how it operates on entities located in India, particularly if the organization is only a processor and is not a Controller or Joint Controller.

However the July 14, 2020 order of the Court of Justice EU on the invalidation of the US Privacy shield has given a new jolt to the Indian organizations. The US Companies are now out of the shelter of the self certified US privacy shield arrangement and are banking more on the Standard Contractual Clauses (SCC). The Controller-Processor template of a SCC is also extended by US data vendors to their contracts with Indian data processors along with the indemnity clauses.

As a result the need for documented compliance of GDPR has increased in India.

The fundamental obligation under GDPR is on securing the personal data of EU Citizens that is being processed. However, the SCC imposes a “Data Controller” obligation even on a “Data Processor” in certain exceptional circumstances. In some cases the data vendor may be not fully aware of the implications of GDPR in a given context and the Indian organization needs to negotiate with the data vendors the inter-se responsibilities and a proper role definition.

For both these reasons, Indian companies whether they are conrollers, joint controllers or processors, would do well to implement a GDPR compliance program within their organization.

Being fully GDPR Compliant will also enable the Indian Data Processing Companies to bid for business from out of India either from the EU area itself or from many other countries where there may be no data protection regulations and GDPR is looked upon as a Standard for data protection.

Presently organizations aspire to achieve GDPR Compliance through the privacy frameworks such as BS 10012 or ISO27701.

Both BS 10012 and ISO 27701 are frameworks specifically developed for GDPR compliance and address the issues of Privacy Protection envisaged in GDPR.

However the ISO 27701 is an extension of ISO 27001 and even BS 10012 makes a normative reference to ISO 27001. Both frameworks are therefore dependent frameworks and can be relied upon only if the organization is already ISO 27001 compliant.

In the Indian context,  Though large organizations would be comfortable with ISO 27001+ISO 27701 as the compliance standards SMEs and MSMEs would find it difficult to maintain ISO 27001 and hence ISO 27701 remains an impractical goal.

Also for most data processors, pursuing ISO 27701 would be an overkill.

In order to address the needs of such Indian organizations, Ujvala has adopted the standard created by Naavi under PDPSI and its extension PDPSI-GDPR as the effective alternative to ISO 27701.

Compliance framework of PDPSI-GDPR would be more than sufficient to cover all aspects of ISO 27701 along with ISO 27001.

Lead implementers for this implementation is also being developed by Cyber Law College through its certification programs in association with FDPPI. The consultants of Ujvala will be adopting this framework for GDPR compliance.

The PDPSI-GDPR in its full implementation mode is a step ahead of the ISO 27701 with a Data Trust Score to indicate the maturity level of the organization in terms of implementation of GDPR compliance program.




Posted in Uncategorized | Leave a comment

DIFC-DPL Compliance

Ujvala Consultants  adopts a customized audit cum implementation framework for compliance to DIFC-DPL 2020.

The framework has been developed under the “PDPSI” extension and is recognized as “PDPSI-DIFC Framework.”

PDPSI (Personal Data Protection Standard of India) was first developed as a framework for implementation of India’s proposed Personal Data Protection Act by Cyber Law College and is being adopted as an indigenous implementation framework for Data Protection in India through FDPPI. (Foundation of Data Protection Professionals)

It is now adopted as extended framework for other Data Protection Laws including GDPR to replace the ISO 27701.

The Extension for DIFC has 11 fundamental Standard statements followed by 44 implementation specification guidelines.

These guidelines are specifically tailored to meet the Techno Legal compliance requirements of DIFC and provides a structured implementation guideline.

Any Techno Legal compliance cannot be fully automated and hence a certain  level of interpretation is inevitable in implementation of any framework based approach.

In applying this framework, Cyber Law College has developed a few trained Lead Implementer who can interpret the provisions of DIFC-DPL 2020 in an appropriate manner.

Naavi will be personally involved in such implementation programs initially as the Lead Consultant in all projects of Ujvala.

Ujvala’s PDPSI-DIFC based implementation is offered as a consultancy service for all those companies who are intending to take compliance steps to meet the DIFC deadline of 1st October 2020 and thereafter.


Posted in Uncategorized | Leave a comment


Ujvala Consultants Private Limited is the corporate entity that owns the digital assets of Naavi such as the portals Naavi.org, cyberlawcollege.com, ceac.in, odrglobal etc.

Ujvala is focussed on providing education through Cyber Law College related to Information Technology Act 2000 of India, HIPAA, GDPR, Indian Personal Data Protection Act, Dubai DPL2020, Singapore PDPA 2012 etc.

As a supporting and Sponsoring member of FDPPI, Ujvala provides infrastructure support to FDPPI for its day to day operations and also through Cyber Law College provides facilities for running various training programs leading to Certification under FDPPI.

Ujvala works through Associate Consultants, one of whom is Naavi (Na.Vijayashankar) himself, who is also the Managing Director of the Company.

Posted in Uncategorized | Leave a comment

Welcome to Ujvala

Welcome to Ujvala Consultants Pvt Ltd, a pioneer in Cyber Law and Data Protection Compliance in India.

Explore the details on www.naavi.org, www.cyberlawcollege.com, www.ceac.in and www.odrglobal.in to understand the wide scope of activities of Ujvala Consultants Pvt Ltd.

Posted in Uncategorized | Leave a comment