Understanding the DPDP Act 2023: Is Your IT Services Provider ISMS Compliant?

Protection of data is very vital in the digital age, as personal data is collected, processed and stored for various purposes by different entities, be it Governments or corporations. It’s rightly said, data is the new oil. All of us have experienced a puzzle when we search for a product online, or have a discussion with a friend about a product and suddenly, all the advertisements we see while surfing the web or using an application are related to that product. This is an example where our data is processed and used for marketing purposes. The need for Data protection and regulations on how data can be collected, used, and shared was a need of the hour. Data protection Acts are laws with an objective to safeguard the security and privacy of individuals and their data. The General Data Protection and Regulation (GDPR) in the EU, The Personal Data Protection Act (PDPA) in Singapore are all examples of Data protection laws. The latest addition to the category is the Digital Personal Data Protection Act (DPDP Act 2023), which was enacted on August 11, 2023, by the Indian Parliament. These acts have significant implications for individuals, businesses, and society as a whole. Therefore, it is important to understand the need for data protection acts and how they affect us. Let’s dig deeper.

The Key Provisions of DPDP Act 2023 are,

Transparency and Consent: The Act mandates that organizations must secure clear and explicit consent from individuals prior to the collection and processing of their personal data. The principle of transparency is fundamental, guaranteeing that individuals are provided with unambiguous information regarding the data being collected and its intended use.

Purpose Limitation and Data Minimization: The Act compels data controllers to only gather the data that is absolutely necessary for the intended purpose. The data should not be stored beyond the required duration, and its usage should be confined to the purposes specified.

Data Transferability: The Act empowers individuals with the right to demand their data from one service provider and move it to another. This clause fosters competition and ensures that users maintain authority over their personal data.

Right to Erasure: The Act grants individuals the right to demand the deletion of their personal data, given certain conditions are met. This “right to erasure” enables individuals to request the removal of their data from databases.

Data Protection Impact Assessments (DPIAs): The Act necessitates data controllers to carry out ADPIs to evaluate and alleviate risks linked with data processing activities, particularly when such processing poses significant risks to the rights and freedoms of data subjects.

Security Measures for Data Protection: The Act mandates organizations to establish stringent security protocols to safeguard personal data against unauthorized access and breaches. In the occurrence of a data breach, they are obligated to notify both the data subjects and the regulatory authorities.

Governance and Accountability: The Act promotes organizations to establish data protection policies and designate Data Protection Officers (DPOs) to ensure adherence to its regulations. Organizations are obligated to follow stringent guidelines when transferring personal data beyond the jurisdiction to countries that are not considered providing a sufficient level of data protection.

What is ISMS, and why is it relevant?

The ISO/IEC 27001:2013 is an internationally acknowledged benchmark for Information Security Management Systems (ISMS). It provides a formal specification for an ISMS, designed to place information security under clear management oversight. The ISO/IEC 27001 standard assists organizations in managing risks associated with the security of data they own or manage, ensuring that the system adheres to all the best practices and principles encapsulated in the International Standard. Its significance lies in its ability to make organizations aware of risks and proactively identify and address vulnerabilities. An ISMS, when implemented in accordance with this standard, serves as a tool for risk management, cyber-resilience, and operational excellence.

We, at Innovature are happy to share the successful completion of our 2023 annual ISMS, ISO/IEC 27001:2013 surveillance audit, with zero noncompliance! This audit, conducted by the esteemed Bureau Veritas, is a testament to our proactive approach to security and the dedication of our incredible team. At Innovature, we’ve always placed the highest priority on information security, and this achievement validates our unwavering commitment to safeguarding your data and ensuring the confidentiality, integrity, and availability of information.

Looking for the best and safe IT Services Provider out there? Innovature is happy to help.

 

Wahbe Rezek

Advisor, AI & Deep Tech

Wahbe, based in Amsterdam, has a solid background in project and IT change management, notably at the City of Amsterdam and ING. In 2019, he transitioned to become a Program Manager at ING’s Financial Markets division, specializing in AI. Since late 2022, Wahbe has founded Future Focus, offering AI advisory and implementation services, and assisting clients in maximizing the potential of artificial intelligence. Additionally, he serves as an Advisor-AI & Deep Tech at Innovature, where he provides strategic insights and guidance on cutting-edge AI technologies.

wahbe

Jesper Bågeman

Partner, Technology

Jesper is an IT enthusiast committed to driving positive change through technology. He leads with three core principles: fostering genuine partnerships with clients, integrating sustainability into operations, and prioritizing the empowerment and well-being of team members. Jesper’s dedication to these values ensures that he delivers impactful results.

Tiby Kuruvila

Cheif Advisor

Tiby is a respected technology expert recognized for his contributions in project management and technology development. His dedication to technological advancement and client relationship management has established him as a valuable asset in driving business growth and maintaining customer satisfaction across various sectors.

Tiby

Meghna George

HR Manager

Meghna is dedicated to shaping HR practices and fostering a culture of growth and empowerment, steering Innovature toward a brighter future. With an impressive background in Human Resources, Meghna has successfully led HR shared services and managed the HRBP portfolio for large delivery units. Her expertise encompasses strategic planning, change management, and employee development, making her a pivotal force in driving organizational excellence.

Unnikrishnan S

Vice President

Unnikrishnan brings a wealth of experience in delivering impactful software projects and implementing strategic technological initiatives. His comprehensive knowledge in project management, operations, and client engagement consistently yields significant results, making him a trusted leader in the field of IT.

Gijo Sivan

CEO, Global

Gijo is based in Japan and possesses two decades of experience in modern web technology, big data analysis, cloud computing, and data mining. He plays a pivotal role in shaping the company’s global reputation, particularly within the Japanese IT industry, and brings extensive experience in sales, delivery management, partner management, operations, and technology consulting.

Ravindranath A V

CEO, India & Americas

Ravindranath is a seasoned executive renowned for his global proficiency in IT strategy, infrastructure, and software services delivery. With a focus on innovation, he translates clients’ business concepts into actionable solutions across diverse industries such as banking, retail, education, and telecommunications.