GDPR Compliance: A Better Tool at a More Economical Cost

When GDPR came into existence, it created a stir in corporate markets all over the world, including India. The immediate concern was that administrative fines under GDPR could go up to 4% of the global turnover of an organization that is considered a “Data Controller”. Additionally, the applicability of GDPR was extended to organizations outside the EU region if they were directing their business to Data Subjects in the EU or were profiling the activities of individuals in the EU. Hence companies in India were concerned about non-compliance with GDPR.

Since 25th May 2018, when GDPR came into effect, there has been a better understanding of the applicability of GDPR and how it operates on entities located in India, particularly if the organization is only a processor and is not a Controller or Joint Controller.

However, the July 14, 2020 order of the Court of Justice EU on the invalidation of the US Privacy Shield has given a new jolt to Indian organizations. US companies are now out of the shelter of the self-certified US Privacy Shield arrangement and are banking more on the Standard Contractual Clauses (SCC). The Controller-Processor template of an SCC is also extended by US data vendors to their contracts with Indian data processors, along with the indemnity clauses.

As a result, the need for documented compliance with GDPR has increased in India.

The fundamental obligation under GDPR is on securing the personal data of EU Citizens that is being processed. However, the SCC imposes a “Data Controller” obligation even on a “Data Processor” in certain exceptional circumstances. In some cases the data vendor may not be fully aware of the implications of GDPR in a given context, and the Indian organization needs to negotiate with the data vendors the inter-se responsibilities and a proper role definition.

For both these reasons, Indian companies, whether they are controllers, joint controllers or processors, would do well to implement a GDPR compliance program within their organization.

Being fully GDPR Compliant will also enable the Indian Data Processing Companies to bid for business from out of India either from the EU area itself or from many other countries where there may be no data protection regulations and GDPR is looked upon as a Standard for data protection.

Presently, organizations aspire to achieve GDPR Compliance through privacy frameworks such as BS 10012 or ISO 27701.

Both BS 10012 and ISO 27701 are frameworks specifically developed for GDPR compliance and address the issues of Privacy Protection envisaged in GDPR.

However the ISO 27701 is an extension of ISO 27001 and even BS 10012 makes a normative reference to ISO 27001. Both frameworks are therefore dependent frameworks and can be relied upon only if the organization is already ISO 27001 compliant.

In the Indian context, though large organizations would be comfortable with ISO 27001 + ISO 27701 as the compliance standards, SMEs and MSMEs would find it difficult to maintain ISO 27001, and hence ISO 27701 remains an impractical goal.

Also, for most data processors, pursuing ISO 27701 would be overkill.

In order to address the needs of such Indian organizations, Ujvala has adopted the standard created by Naavi under PDPSI and its extension PDPSI-GDPR as an effective alternative to ISO 27701.

The compliance framework of PDPSI-GDPR would be more than sufficient to cover all aspects of ISO 27701 along with ISO 27001.

Lead implementers for this implementation are also being developed by Cyber Law College through its certification programs in association with FDPPI. The consultants of Ujvala will be adopting this framework for GDPR compliance.

PDPSI-GDPR in its full implementation mode is a step ahead of ISO 27701, with a Data Trust Score to indicate the maturity level of the organization in terms of implementation of the GDPR compliance program.

 

 

 


DIFC-DPL Compliance

Ujvala Consultants adopts a customized audit-cum-implementation framework for compliance with DIFC-DPL 2020.

The framework has been developed under the “PDPSI” extension and is recognized as “PDPSI-DIFC Framework.”

PDPSI (Personal Data Protection Standard of India) was first developed by Cyber Law College as a framework for implementation of India’s proposed Personal Data Protection Act and is being adopted as an indigenous implementation framework for Data Protection in India through FDPPI (Foundation of Data Protection Professionals).

It is now adopted as an extended framework for other Data Protection Laws, including GDPR, to replace ISO 27701.

The Extension for DIFC has 11 fundamental Standard statements followed by 44 implementation specification guidelines.

These guidelines are specifically tailored to meet the Techno Legal compliance requirements of DIFC and provide a structured implementation guideline.

No Techno Legal compliance can be fully automated, and hence a certain level of interpretation is inevitable in the implementation of any framework-based approach.

In applying this framework, Cyber Law College has developed a few trained Lead Implementers who can interpret the provisions of DIFC-DPL 2020 in an appropriate manner.

Naavi will be personally involved in such implementation programs initially as the Lead Consultant in all projects of Ujvala.

Ujvala’s PDPSI-DIFC based implementation is offered as a consultancy service for all companies that intend to take compliance steps to meet the DIFC deadline of 1st October 2020 and thereafter.

 


Welcome

Ujvala Consultants Private Limited is the corporate entity that owns the digital assets of Naavi such as the portals Naavi.org, cyberlawcollege.com, ceac.in, odrglobal etc.

Ujvala is focussed on providing education through Cyber Law College related to the Information Technology Act 2000 of India, HIPAA, GDPR, the Indian Personal Data Protection Act, Dubai DPL2020, Singapore PDPA 2012 etc.

As a supporting and sponsoring member of FDPPI, Ujvala provides infrastructure support to FDPPI for its day-to-day operations and also, through Cyber Law College, provides facilities for running various training programs leading to Certification under FDPPI.

Ujvala works through Associate Consultants, one of whom is Naavi (Na.Vijayashankar) himself, who is also the Managing Director of the Company.


Welcome to Ujvala

Welcome to Ujvala Consultants Pvt Ltd, a pioneer in Cyber Law and Data Protection Compliance in India.

Explore the details on www.naavi.org, www.cyberlawcollege.com, www.ceac.in and www.odrglobal.in to understand the wide scope of activities of Ujvala Consultants Pvt Ltd.
