DPDPB 2023 based Audit now available

The Government of India has introduced a new version of the Digital Data Protection Bill 2023 in the Parliament.

Once the Bill is passed, it becomes the new Data Protection Act in India for personal data.

Till the Bill is passed, the Information Technology Act 2000/8 (ITA 2000/8), with Section 43A and the Reasonable Security Practice notification for Sensitive Data, will be the applicable Personal Data Protection Law. The DPDPB 2023 will be considered as a “Guideline” under the Due Diligence/Reasonable Security Practice under Section 43A of Information Technology Act 2000/8.

Ujvala is immediately upgrading its audit methodology to be compliant with DPDPB 2023 and adopting PDPCSI for Privacy assessments. These will be certified under the FDPPI certification program.

For more information, kindly contact Naavi.

Naavi


Data Protection Compliance Consultancy from Ujvala

The uncertainty over the Data Protection Regulations in India is now behind us. The law in India at present is Section 43A of ITA 2000 until the DPDPB 2022 becomes an Act and is notified for implementation. The law, even if passed in February, may become operative after 1 year.

However, in the current legal environment, DPDPB 2022 will be a “Due Diligence” under ITA 2000 and hence “Section 43A of ITA 2000 plus DPDPB 2022” will be the Data Protection Law of India.

Organizations need to therefore start working on compliance based on this framework.

Ujvala has now designed a new consultancy window for corporates on implementing Data Protection Compliance programs in their respective organizations.

Cyber Law College, which is a division of Ujvala, is introducing a DPO training program to meet the current requirements.

These services would be exclusively offered through FDPPI of which Ujvala is a Patron member.

The consultancy will be a two stage process. The first would be based on the current version of the DPDPB 2022 and the follow up consultancy would be up to one month after the release of the first set of rules.

Naavi


Now Data Protection Compliance in India is easy and affordable

Ujvala Consultants Private Limited, as a Supporting member of Foundation of Data Protection Professionals in India (www.fdppi.in), has made Data Protection Compliance in India simple and affordable.

Ujvala provides online access to a self assessment tool through this website, which costs only Rs 2500/- (plus GST) as an introductory price.

On payment of the fees, an e-mail will be sent with an access password to an online self assessment system which consists of five parts and 233 questions.

The questions can be answered online and a self evaluation of the effectiveness of the current practices can be entered by the organization representative.

On submission, the Ujvala team will provide an adjusted Self Assessed DTS with a basic review comment.

If required, the organization may get implementation evaluation of policy documents and a summary assessment from Ujvala.

Following this, the organization may obtain implementation consultancy from a DPCSI consultant and FDPPI certified audit certificate from a DPCSI auditor.

Cost of Rs 2500/- plus GST (Total Rs 2950/-) is applicable for self assessment, review of the self assessment and issue of an adjusted DTS based on the preliminary review.

Cost for Summary assessment, Consultancy and Audit will be advised on request and further discussion.

Naavi


Let’s Create a Compliance Culture in Indian Data Protection Community

To

All those interested in Data Protection law compliance in India

Dear Friends

I invite you all for the webinar on “Data Trust Score under DPCSI” scheduled for 11.00 am on Sunday, July 10, 2022. The webinar will be on Zoom. The meeting ID is 882 8084 0436. The pass code is: dts_07

The approximate duration would be one hour followed by discussions. During the session, I will try to explain how Data Protection compliance maturity of an organization can be expressed in terms of a “Data Trust Score” just as how the credit ratings express the investment worthiness of a financial instrument.

The framework based on which the model of DTS would be explained is the Data Protection Compliance Management System, which is uniquely built as a “Unified system for compliance of Personal Data Protection under ITA 2000/PDPB2019 or DPA 2021/GDPR etc.”

During the session, the use of an online tool that can be used for a self estimation of the data protection status of an organization would also be described.

Don’t miss this opportunity to be part of a revolutionary change in the way companies can handle their data protection compliance requirements. MSMEs in particular should be more interested since the tool would help them to start their journey to be compliant with the law as it emerges.

The objective of this interaction is to make compliance easier and more affordable so that we can together create a “Compliance Culture” in India.

Whether the Government passes the Personal Data Protection bill (PDPB 2019/DPA 2021) during monsoon or not, responsible companies need to start their journey towards compliance.

Even when changes are brought, the foundation principles of compliance will not change. Let vested interests continue their fight to avoid compliance responsibility.

We, the responsible corporates, shall show the way to respect and be compliant with the legislative intention already reflected under the concept of “Due Diligence” and “Reasonable Security Practice” in ITA 2000/8.

Naavi


My DTS

Data Trust Score (DTS) is a measure of the effectiveness of compliance of an organization to data protection law as assessed by an auditor. This brings visibility to the common man of how reliable the data protection measures in an organization are. It also brings accountability to the data audit system by requiring the auditor to convert the subjective assessments to a common objective number.

In the Corporate and Investment world, “Credit Rating” is a common measure of the safety of investment in an instrument and has been widely used. DTS now brings this concept to the world of “Personal Data”, which is like a currency which the public invests and Data Fiduciaries collect and use for generating business revenue.

Naavi has been working on developing a DTS system based on the PDPB 2018 which later became PDPB 2019 and DPB 2021. In this process, Naavi developed a framework referred to as “Data Protection Compliance Standard of India” (DPCSI) which incorporates the best of the various frameworks for implementation of ISMS or PIMS and extends it with some other unique concepts.

The two components of DPCSI are PDPCSI (Personal Data Protection Standard of India) and NPDP-CSI (Non Personal Data Compliance Standard of India). The basis for the PDPCSI framework is DPDPB 2023 (Digital Data Protection Bill 2023). The basis for NPD-CSI is the Information Technology Act 2000/8.

Now, Naavi has tried to simplify the process of DPCSI audit by enabling DTS evaluation online. This online DTS computation has been enabled by Ujvala Consultants Private Limited.

The process is enabled as a “Self Evaluation” based on certain assessment questions, submitted for review to Ujvala Consultants for validation. During the process of this self evaluation, a trained mentor would be available from Ujvala to explain the implication of a question. During this stage, the organization would self evaluate its compliance status by assigning a DTS score between 1 and 10 for each of the 50 Model Implementation Specifications (MIS). The organization will also indicate their current level of documentation to support this self evaluation.

Validation of this self score of DTS can be further strengthened by review of policy documents by Ujvala and conversion of the self evaluation into a summary assessment of DTS.

Finally, the system merges with a certifiable audit by an FDPPI certified auditor who may do an online audit of the facilities.

The pricing of the service for each of these different levels of assessment.

The online link to self assessment will be available on the payment of a prescribed fee.

The assessment goes through different steps over 50 model implementation specifications (MIS 1-50) and covers five responsibility centers in the organization, namely:

1. Management (MIS 1-15)

2. DPO (MIS 16-24)

3. Legal (MIS 25-26)

4. HR (MIS 27-30)

5. IT (MIS 31-50)

General Instructions for use of the “My DTS” system

The assessment has been divided into five sections corresponding to the five different responsibility centers, so that different representatives of the company can complete the assessment in each of the sections. Each section covers the Implementation Specifications related to the specific responsibility center. The user is expected to complete the questionnaire with reference to the current practices in the organization.

The questionnaire consists of one or more questions related to each of the Model Implementation Specifications followed by a self assessment of an evaluation score for the specific implementation specification on a scale of 1-10. For each assessment, a list of documents referred to may be indicated.

When these individual scores for each implementation specification are totalled, one arrives at the total score for the section.

It is envisaged that each section would be completed by a designated person.

The completion of the questionnaire can be stopped and continued as per the convenience of the responder. It can be reviewed internally before it is finally committed for submission.

The summation of the assessment scores for each of the five sections provides the first raw estimation of DTS of the organization based on self declaration.

When this assessment is submitted to Ujvala, Ujvala will apply a weightage system and compute an “Adjusted DTS” and communicate it to the organization along with some critical recommendations, if any, for further action. A Certificate would be issued in support of this “Self Assessment”. A general feedback on the next action required will also be provided by Ujvala along with the self assessment certificate.

Summary Assessment

Additionally, the organization may choose to elevate the self assessment into a “Summary Assessment” by Ujvala based on submission of evidentiary documents such as policy documents etc. for review.

This would be separately certified as “Provisional DTS” for the organization.

FDPPI Certification

If the Company opts to go for a full fledged audit of their compliance under the DPCSI framework, which should meet the standards of Section 29 Data Audit, the audit will be conducted by an FDPPI accredited Certification body and may be certified by FDPPI under its norms for Certification.

Pricing

Pricing will be provided on a case to case basis.

The cost of Summary assessment by Ujvala with a review of the documents submitted would be based on the documents to be reviewed and an estimate would be provided after the basic DTS is provided.

The cost of final Certification audit would depend on the estimate of the work involved and as per FDPPI guidelines, if any.

(Similar assessment audit for GDPR-DTS as well as ITA 2008-DTS would also be available.)

Naavi

Confidentiality of Information Submitted:

Kindly note that the information submitted for assessment will be available to the team of consultants of Ujvala, which consists of Naavi and his associates, who provide their assurance for confidentiality of data through Ujvala.

Since the evaluation questionnaire is hosted on an external website and the security of data entered therein is subject to the security provided by the said website, an option is made available to the respondent organization to seek a Pseudonymous ID while making the payment, which can be used on the website where the responses are completed. The responses do not contain any corporate data once the name of the organization is pseudonymized.

For any further clarification, kindly contact Naavi

Naavi


Online Data Protection Audit and Data Trust Score Tool

Ujvala Consultants Pvt Limited has developed an online Data Protection Compliance Assessment Tool which can assist in generating a DTS score for an organization.

DTS or Data Trust Score is a measure of the extent of data protection compliance of an organization. A complete assessment of DTS requires an audit, a methodology for converting the audit findings into a score and an assessment by an experienced auditor.

However, as a preliminary measure of assessment, an online assessment tool has been developed by Ujvala Consultants Pvt Ltd.

The tool can be used by any DPO to check the preparedness of the organization before a formal audit may be invited. It is also a tool to be used by Ujvala Auditors to develop the Gap assessment.

The tool has been developed on the basis of DPCSI (Data Protection Compliance Standard of India) as a framework and Naavi’s methodology for DTS calculation.

Ujvala Consultants would be using this tool for its Data Protection Compliance audits.

Naavi


Ujvala to pioneer Algorithmic Transparency Audit as required under DPA 2021

One of the new requirements that has been brought into the Data Protection Audit in India through the DPA 2021 is the need for “Algorithmic Transparency”. Additionally, all devices, both software and hardware, that process data need to carry a security certification from an accredited lab.

The Data Protection Standard of India (DPSI) has been suitably modified to incorporate these requirements.

At the same time, the DPIA and Harm Audit concepts need to be upgraded to include the audit against any possible “Bias” of an automated decision making involved in data processing.

In order to provide a service for third party “Bias Audit”, Ujvala is developing a new line of activity for “Independent third party Bias Audit” of algorithms as may be considered adequate under DPA 2021.

This audit would not be at the Code level and therefore does not involve any IPR risks.

Ujvala is in the process of finalizing technology partners for this line of activity.

Naavi


Ujvala Data Governance Consortium

Ujvala Consultants has created a virtual subsidiary named Ujvala Data Governance Consortium (UDGC) with effect from 1st August 2021. It will undertake projects related to Data Protection Audit as a group of professionals.

UDGC will be a division of Ujvala Consultants Pvt Ltd.


PDPSI Audits

Ujvala Consultants is one of the Certification bodies licensed by FDPPI for conducting assessments, audit and DTS (Data Trust Score) evaluations under the PDPSI system.

PDPSI assessment is based on the Standard and Implementation specifications provided under the PDPSI framework.

PDPSI consists of 12 standards and 50 Model Implementation Specifications (MIS). The DTS evaluation is based on an assessment of an auditor on the effective implementation of these implementation specifications.

The Audit is based on the Implementation Charter developed from a Gap Assessment against the Model Implementation Specifications (MIS) but modified by the Management based on their Risk Strategy of Mitigation. The Risk Mitigation Strategy takes into account the organization’s preference for Risk Avoidance, Risk Absorption and Risk Transfer, and the resultant modified set of Implementation Specifications is considered as the “Adopted Implementation Specifications” (AIS). The logic for modifying the MIS into AIS is recorded in the “Deviation Justification Document” signed off by the management.

The Audit is conducted based on the AIS of the Implementation Charter, resulting in a “Satisfactory” or “Requires Improvement” comment. All audits will be accompanied by an allotted DTS score.

The Certificate is issued by Ujvala and a copy is filed with FDPPI. It is part of the PDPSI system that at the end of the audit, the auditee organization will file a “PDPSI Auditee Feedback” and send it directly to FDPPI. The feedback will also consist of a permission to opt in for disclosure of DTS.

Currently, Naavi and Ramesh Venkataraman are the Certified Lead Auditors for Ujvala, for the purpose of PDPSI audits.

 


Digital Media Compliance Guidance Center

With the notification of the new Intermediary Guidelines 2021 (Information Technology [Intermediary Guidelines and Digital Media Ethics Code] Rules, 2021) on 25th February 2021, the Digital Publication scenario in India has changed substantially.

It will take some time for the full impact of this Surgical strike by the joint operations of the Ministries of IT and I&B to sink in to the industry.

The changes will affect all the large Intermediaries like Twitter, FaceBook, YouTube, WhatsApp, Telegram etc., the emerging Indian companies like Koo, Tooter, Arattai, as well as a number of YouTube Channels such as Shekar Gupta’s Channel, The News Minute or other similar channels. The OTT Channels such as HotStar, ZeeTV, JioTV etc. will all be coming within the provisions of the guidelines.

The compliance requirements in principle apply to any digital publication which has News content and are therefore applicable to many blogs, though by virtue of a smaller exposure they may not be coming directly under the definition of the “Significant Social Media Intermediary” or a “Publisher”.

The compliance requirements are not simple and will also need to incorporate a Grievance Redressal Mechanism.

Naavi has been operating ODRGLOBAL.IN, which is an online grievance redressal system and is ideally suited to be adopted for the requirements of this type. Naavi has also been engaged in ITA 2008 compliance as well as Personal Data Protection Compliance (GDPR, Indian PDPA etc).

Recognizing the needs of the Digital Media Publishers, Naavi has launched a new service namely “Digital Media Compliance Guidance Center” (DMCGC).

DMCGC will provide compliance consultancy to enable organizations maintaining news websites and news apps to maintain compliance as envisaged under the rules.

Non-compliance with the Intermediary guidelines would be like exposing the media organization to a volley of AK 47 bullets without so much as a shirt to wear, let alone a bullet proof vest.

The service would be provided through Ujvala Consultants Private Limited, the Techno Legal compliance consultancy company.

Interested persons may contact Naavi through e-mail

Naavi
