How do we do what we need to do?

Architecting a solution for achieving DPDPA Compliance The Digital Personal Data Protection Act (DPDPA) shifts the focus from merely having policies (intent) to how they are implemented. It moves from an ad-hoc spreadsheet and email-based implementation to one that is carried out systematically. That presents a system design problem. Policies alone are not useful – […]

What Do We Need to Do for DPDPA Compliance?

The Clock Is Ticking – What’s next? We have the Assessment – So what’s the Action Plan now? Prepare and prevent, don’t repair and repent – Anonymous As I mentioned in my last blog on “What do we need to do”, you must identify the right problem to find a solution. And having identified the […]

Top 5 Reasons for Non-Compliance with DPDPA

Where are the gaps in my Digital Data Protection Compliance? If I have one hour to save the earth, I will spend 55 minutes identifying the problem and five minutes resolving it – popularly attributed to Albert Einstein One must identify the right problem to find a solution! Why is this relevant to us? Here. […]

Are we DPDPA Compliant?

To start with, most of the organizations that deal with customer data think that they are doing enough and more to protect their clients’ data and have taken all the measures that are needed to safeguard the interests of all the stakeholders. They think DPDPA is all about putting the documentation in order, to […]

Data classification for DPDPA

It is clear from its name, Digital Personal Data Protection Act (DPDPA), that it is about protecting the personal data of individuals that any organisation maintains. So, if an organisation needs to answer the question “Are we compliant?”, then the first step would be to determine what personal data of clients the organization […]

What are we required to do for DPDPA?

Once we have determined that DPDPA applies to us as a company, the next question is what we must do to ensure that we are DPDPA compliant. We saw that there are two roles on the business side – Data Fiduciary and Data Processor. We could hold either one or both roles. As a Data […]

The one big reason why DPDPA applies to all Companies

My colleague Savita talked about DPDPA in her blog. When I read her blog, the question that I had, as I am sure you do too, was whether DPDPA applies to you. In order to answer that question my first step was to understand the law. So, I ‘decomposed’ my big question into the […]

What is Digital Personal Data Protection Act?

Why is Data Privacy and Protection required? “Can you send me some money urgently?” One of my former colleagues saw this message pop up on her WhatsApp feed. It happened not once. Twice! Someone took my LinkedIn picture and reached out to my ex-colleague on WhatsApp asking her to swiftly handle a transaction for me. Phone […]

ISO 27001 – Demystified: What It Really Is

Now that we’ve talked about what the ISO 27001 framework is all about and who actually needs it, let’s break it down a little more. ISO 27001:2022 Annex A Structure & Controls The 2022 version of the standard organizes 93 controls into four main themes: Organisational Controls (Clause 5): 37 controls; People Controls (Clause 6): 8 controls […]

A Beginner’s Guide to ISO 27001 Controls: From Basics to Implementation

Why it Matters, Who Needs It and Why Protecting data can really feel overwhelming, especially as the stakes keep getting higher. ISO 27001 offers a way of doing this systematically. However, implementing it seems like a huge and complicated endeavor. It does present some challenges, but once you understand what it’s trying to do, it […]

Behind the Screens – GRC Chaos due to Systems and Processes

Operational Challenges in Implementing Tech GRC In an earlier post I talked about why organizations face difficulties as they implement a sound Technology GRC program. As I mentioned, there are three types of factors: Environmental, those outside your control; Strategic, how you choose to respond; and Operational, how your response is implemented, which is […]