Data Trust Score (DTS) is a measure of the effectiveness of compliance of an organization to data protection law as assessed by an auditor. This brings visibility to the common man of how reliable are the data protection measures in an organization. It also brings accountability to the data audit system by requiring the auditor to convert the subjective assessments to a common objective number.
In the Corporate and Investment world, “Credit Rating” is a common measure of the safety of investment in an instrument and has been widely used. DTS now brings this concept to the world of “Personal Data” which is like a currency which public invest and Data Fiduciaries collect and use for generating business revenue.
Naavi has been working on developing a DTS system based on the PDPB 2018 which later became PDPB 2019 and now referred to as DPA2021 (or DPB 2021). In this process, Naavi developed a framework referred to as “Data Protection Compliance Standard of India” (DPCSI) which incorporates the best of the various frameworks for implementation of ISMS or PIMS and extends it with some other unique concepts.
Now, Ujvala has simplified the process of DPCSI audit by enabling DTS evaluation online. This online DTS computation has been enabled as a “Self Evaluation” based on certain assessment questions, submitted for review to Ujvala Consultants for validation. Validation can be further strengthened by review of policy documents into a summary assessment of DTS. Finally the system merges with a Certifiable audit by a FDPPI certified auditor.
We are pleased to announce now that the model which was first constructed for compliance of Indian data protection law, has also been made available for evaluation of the GDPR compliance.
DTS is not mandatory for GDPR compliance. However, going through this evaluation process would provide a first gap assessment for any organization and indication of what kind of policy documents may be required.
The online Link to self assessment will be available on the payment of a prescribed fee.
The assessment goes through different steps over 50 Model Implementation specifications (MIS 1-50) and covers five responsibility centers in the organization namely,
General Instructions for use of the “DTS-GDPR” system
The assessment has been divided into five sections corresponding to the five different responsibility centers, so that different representatives of the company can complete the assessment in each of the sections. Each section covers the Implementation Specifications related to the specific responsibility center. The user is expected to complete the questionnaire with reference to the current practices in the organization.
The questionnaire consists of one or more questions related to each of the Model Implementation Specifications followed by a self assessment of an evaluation score for the specific implementation specification on a scale of 1-10. For each assessment, a list of documents referred may be indicated.
When these individual scores for each implementation specification is totalled, one arrives at the total score for the section.
It is envisaged that each section would be completed by a designated person.
The completion of the questionnaire can be stopped and continued as per the convenience of the responder. It can be reviewed internally before it is finally committed for submission.
The summation of the assessment scores for each of the five sections provides the first raw estimation of DTS of the organization based on self declaration.
When this assessment is submitted to Ujvala, Ujvala will apply a weightage system and compute an “Adjusted DTS” and communicate it to the organization along with some critical recommendations if any for further action. A Certificate would be issued in support of this “Self Assessment”. A general feedback on the next action required will also be provided by Ujvala along with the self assessment certificate.
Additionally, the organization may chose to elevate the self assessment into a “Summary Assessment” by Ujvala based on submission of evidentiary documents such as policy documents etc for review.
This would be separately Certified as “Provisional DTS” for the organization.
If the Company opts to go for a full fledged audit of their compliance under the DPCSI framework which should meet the standards of Section 29 Data Audit, the audit will be conducted by an FDPPI accredited Certification body and may be certified by FDPPI under its norms for Certification.
Will be provided on request
The cost of Summary assessment by Ujvala with a review of the documents submitted would be based on the documents to be reviewed and an estimate would be provided after the basic DTS is provided.
The cost of final Certification audit would depend on the estimate of the work involved and as per FDPPI guidelines if any.
Confidentiality of Information Submitted:
Kindly Note that the information submitted for assessment will be available for the team of consultants of Ujvala which consists of Naavi and his associates who provide their assurance for confidentiality of data through Ujvala.
Since the evaluation questionnaire is hosted on an external website and the security of data entered there in is subject to the security provided by the said website, an option is made available to the respondent organization to seek an Pseudonymous ID while making the payment which can be used on the website where the responses are completed. The responses donot contain any corporate data once the name of the organization is pseudonymized.
The person completing the questionnaire will use the proxy ID for the company but will provide his e-mail address. This email address is considered “Business E Mail” and not personal information.
For any further clarification, kindly contact Naavi