We had Chennai Task Force session on "Digital Personal Data Protection (DPDP): Practical approach for CISOs" by Our community members. The bill aims to protect individual data and regulate data practices. CISOs should be aware of the new requirements to avoid penalties.
About Speakers
-(Moderator) Gowdhaman Jothilingam, Global CISO, LatentView Analytics
-Prabhakar Ramakrishnan (CISO, TNQ Publishing). Prabhakar is a seasoned IT professional with over 25 years of experience in the field of IT Infrastructure and Information Security. He currently serves as the CISO & General Manager - IT Infrastructure at TNQ Technologies.
-Dr. Jagannath Sahoo (CISO, Gujarat fluorochemicals). Jagannath have had the privilege of leading and enhancing the cybersecurity posture of INOX GFL, headquartered in Noida, India, Gujarat Fluorochemicals Limited (GFL), is a part of the INOXGFL Group.
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
(Webinar Recorded) :
(PPT) Presentation From The Discussion
Downloads from the session :
Highlights From The Discussion :
1. What are the 3 types of privacy?
- Physical privacy (for instance, being frisked at airport security or giving a bodily sample for medical reasons)
- Surveillance (where your identity can't be proved or information isn't recorded)
- Information privacy (how your personal information is handled)
2. What is data privacy?
- Data Privacy: Compliance with Data protection laws and regulations. Focus on how to collect, process, share, archive and delete the data
- Data Security: Measures that an organisation is taking in order to prevent any third party from unauthorized access
3. What does Personal Data mean?
According to the personal data protection bill, 'Personal data' refers to information, characteristics, traits or attributes that can be used to identify an individual. This includes:
- Financial data
- Biometric data
- Data about caste, religious or political beliefs
- Any other category of data specified as personal by the government
4. Data Protection and Privacy Acts World Wide
5. Rights of Individuals under the Digital Personal Data Protection Act 2023. The DPDP Act proposes the rights to individuals, which ensures that their personal data is processed with their consent and there are measures available to safeguard their data.
- Right to Information about Personal data
- Right to correction, completion, Updation and erasure of personal data
- Right of Grievance redressal
- Right to nominate
6. Structure of DPDPA Act 2023
7. Applicability of the Bill
The Bill is intended to apply to processing of personal data within the territory of India by Indian data fiduciaries and data processors. Further, the Draft Bill is also intended to apply to foreign data fiduciaries and data processors, where personal data is processed by them in connection with:
- Any business carried on in India; or
- For systematic activity of offering goods or services to data principals within the territory of India; or
- Any activity which involves profiling of data principals within India
8. Compliance & Best Practices
- 8 Steps to DPDP Act Compliance
- Appoint a DPO
- Create a Privacy Management Program
- Conduct a Privacy Impact Assessment
- Implement Data Protection Policies and Procedures
- Train Employees and Partners
- Monitor and Review Compliance
- Respond to Data Subject Requests
- Report Data Breaches
- 5 Best Practices for Data Protection
- Practice Data Minimization
- Securely Dispose of Data
- Encrypt Sensitive Data
- Implement Access Controls
- Regularly update security measures
9. What you can do to prepare for the Digital Personal Data Protection Bill 2023
- Conduct a data audit
- Implemement strong data governance
- Enhance data security measures
- Conduct Employee training
- Develop data subject rights procedures
- Review and update policies
- Obtain valid consent
- Develop data breach response plan
- Establish vendor management
- Stay updated and seek legal advice
10. DATAPRIVACY:1-Pager self-audit checklist
Comments