Navigating Digital Data Protection Act Project Challenges
Security Experts Help Clarify Confusion Over Consent and Privacy Frameworks
The Digital Personal Data Protection Act in India has introduced many implementation challenges for security practitioners. Two experts - Shivangi Nadkarni, co-founder and CEO at Arrka Consulting, and Priya Muku Gora, GRC lead and DPO at Axtria - shared strategies for successful projects.
"There is a great sense of confusion of what needs to be done," Nadkarni said. "There is confusion of whether this is just an add-on to what I am already doing for security. There is also confusion on whether this is something that my legal team should handle."
Most organizations already have security solutions that may need an "extra add-on or tweaking" to incorporate security safeguards, legal requirements and breach notifications.
But organizations will have to start from scratch on "every other aspect of the law, which is, 'Collect what you need, use data for the purpose it has been collected, delete data, etc.,'" Nadkarni said.
On the challenge of consent, Gora said, organizations need a layered approach. "Initially before 2018, we were gearing up for more of security aspects. The journey from on-prem to cloud was common," Gora said. "Then came the idea of protection. Today, as most organizations are adopting the SaaS model, it is no longer about customer data but employee data as well. It starts from having a basic privacy framework in place."
In this video interview with Information Security Media Group, Nadkarni and Gora discussed:
- Where practitioners should begin their implementation;
- The ideal skills and qualifications for data protection officers;
- The benefits of adopting a data privacy framework.
Nadkarni has more than 22 years of experience in information risk and privacy, e-commerce, and networks. She previously led the global application security and identity management practice at Wipro and established India's first licensed certifying authority for digital signatures in collaboration with Sift.
Gora has more than 18 years of experience in information security, compliance and data privacy. Prior to joining Axtria, she served as a senior manager of governance, risk and compliance at Nagarro.