Personal Data Protection | DPDP | GDPR | Compliance
B2C companies such as airlines, e-commerce firms, telecom operators, banks and insurers can be held liable to pay penalties of 50 to 250 crores in India for neglecting to protect customers' personal data under the DPDP Act. Companies with a large workforce are expected to protect the personal data of their employees too.
Personal data should be processed for a clear purpose, and stored and managed securely against data breaches from both internal and external threats. Additional controls should be in place when managing the data of children and people with disabilities. The rights of individuals shall be respected, and provisions made for changes.
Managing DPDP compliance requires a well-defined process. Engage certified CISA, CISM, CDPSE and HIPAA experts who understand DPDP compliance needs; buying or implementing tools alone may achieve only partial goals.
Approach and steps to audits, assessment, gap implementation and compliance. Similar steps apply to GDPR or HIPAA personal data (PII or PHI) compliance, with specifics relevant to the industry and geographical region.
Steps to Compliance
| Key Objectives | Actionable Details |
|---|---|
| Applicability assessment | High-level assessment of data protection maturity |
| "All-round" assessment | Conduct a Data Protection Impact Assessment (DPIA) for the enterprise and its business processes at management and technical levels |
| Gap assessment | List and identify gaps to finalize solutions for PII protection |
| Personal information inventory | "Know your personal data": the where, when, who, why and how of data management in the company, including with third parties and processors |
| Data protection implementation | Embed personal data security by design in products and services; conduct training, monitoring and compliance with the DPDP rules |
| Legal support | Assess readiness for Data Protection Board regulations |
| Customer assurance | Declare and demonstrate DPDP maturity |
