2023 a Year of Data Privacy Becoming Front and Centre in India – Reach ISO

Business Wire India2023 was a year of data security and privacy taking centre-stage in India. The introduction of the Digital Personal Data Protection Act 2023 marked a significant milestone in India’s data privacy journey, paving the way for stronger regulations and improved data protection practices across various industries.
Reach ISO, ISO consultation experts, shared highlights of 2023 for the Indian data security and privacy landscape. From understanding the nuances of relevant ISO certification, the difference between GDPR & ISO 27701 and the impact of the DPDP Act – 2023 was an action-packed year. In 2023 Reach ISO advised Fin-techs and SAAS organisations on most relevant ISO certification for them, how to apply and receive the certification.
CRED, a leading Indian fintech, was audited by Reach ISO and CertAssured Singapore for obtaining ISO 27701 certification. CRED is the first fintech company in India to receive this certification.
“We are extremely proud to present CRED, the ISO 27701 certificate on Privacy Information Management System (PIMS). CRED is the first fintech in India and probably one of the first few fintechs globally, to have been awarded an accredited certificate on this standard. It is a remarkable achievement that demonstrates CRED’s matured privacy practices and agility,” said Deepak Shankarappa, Co-founder and Director, Reach ISO.
“Data privacy is emerging as one of the strategic areas of focus for organisations, given the increasing use of digital technologies, innovation, and enactment of stronger data protection laws. We believe adopting a PIMS standard significantly reduces the risk of non-compliance,” said Abhilash A Anand, GRC Advisor and Lead Auditor, Reach ISO.

“At CRED, we adhere to the principles of trust, and transparency is at the core of it. Our ISO 27701 certification affirms our commitment to safeguarding members’ information, complying with rigorous global standards in data privacy and security. We remain committed to investing in resilient privacy frameworks and cutting-edge technologies, upholding the highest standards in information processing,” said Himanshu Kumar Das, CRED.

ISO 27701 is a framework for data privacy that builds on ISO 27001. The ISO 27701 standard provides an overarching framework to help companies fine-tune their data privacy practices and keep pace with the changing privacy threat and regulatory landscape through a rigorous risk and compliance-driven approach, while being focused on measurement and continuous improvement. ISO 27701 helps companies to maintain an effective privacy and information security system and reduce privacy risks.