Framework

While implementing “Privacy protection through data protection”, the Data Controllers/ Data Fiduciaries and Dta Processors look for some standard guidelines to make their efforts easy.

Though a template approach to privacy is not the best approach, it has become a standard to design standards for such purpose. Accordingly after GDPR came into existence BS10012 was announced by the British standards institute and alter ISO also introduced ISO 27701 standard from its stable. Both address Personal Information Management Systems (PIMS) and are a replica of each other. However, both are proprietary standards where even to know what is the standard, one should invest money.

NIST however has a standard of its own which is open source. DSCI (Data Security Council of India), which is a Nasscom promoted Indian organisation has also come up with a privacy framework of its own.

However, none of these standards are ideally suited for the Indian system led by PDPA and consisting of many SMEs. Hence in a spirit of bringing the compliance requirements to the reach of SMEs, Naavi undertook structuring a separate standard for the Indian conditions titled PDPSI or Personal Data Protection Standard of India. This is an open standard and is under continuous development.

All these are different routes to achieve the compliance and it is the discretion of the organizations to adopt any standard that suits them.

Most of the regulations prescribe that irrespective of the framework adopted and certifications obtained, the organizations need to ensure that the regulatory authority is satisfied about the actual status of compliance in the organisation irrespective of the certificates sported.

These certificates should therefore be considered as guidelines and not an insurance against being held non compliant. There is no substitute for the organisation to have its own framework of compliance after perusing all the other available frameworks.