Privacy Mode fellowship programme

Privacy Mode fellowship programme

Documenting privacy best practices in industry

Make a submission

Accepting submissions till 30 Sep 2022, 11:55 PM

Organizations desire to adopt best practices around data which are aligned with the risk management approaches they have in place. With increasing complexity around privacy and data security, it is necessary to gain deep understanding of the strategic directions adopted at some of leading organizations in India. With this intent, the Privacy Mode Fellowship programme was put together to work with practitioners who document easily adopted practices that are flexible and are based on well understood design principles. The Best Practices Guides provides a quick introduction to some of the topics which receive a lot of attention.

The Privacy Mode Fellowship programme considered the following themes while publishing the Call for Submissions:

  1. Data protection/security practices.
  2. Consent frameworks tied to purpose use limitations.
  3. Data rights.
  4. Encryption practices.

Selected Fellows for 2022

  1. Ankita Roychoudhury and Yashodhara Shukla , Frappe Technologies Private Ltd.
  2. Pratyush Pullela, Doosra, Ten20 Infomedia Pvt. Ltd.
  3. Rohan Verma, Zerodha Broking Ltd.
  4. Sathish KS, Zeotap

The following abstracts provide an insight into the topics covered by them. The abstracts are linked to the complete reports:

  1. Frappe: GDPR Compliance for ERP
  2. Doosra: Protecting your mobile number
  3. Zerodha: Data protection, security and privacy practices
  4. Zeotap: Privacy in Data as a Service (DaaS) business

The team for Privacy Mode Fellowship Programme

  1. Anwesha Sen - Programme Coordinator
  2. S Kannan - Technical Writer
  3. Anish T P - Illustrations
  4. Stephanie Browne - Product Support
  5. David Timethy - Administration

Jury Members

 1. [Uzma Barlaskar](, Head of privacy and growth at WhatsApp.
 2. [Anand Venkatanarayanan](, Independent cybersecurity researcher.
 3. [Sankarshan Mukhopadhyay](, Editor at Privacy Mode.

Contact information

For queries about the Fellowship Programme, mail or leave a comment in the comments section


View acceptance criteria for the fellowship program 👉 here

Hosted by

Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more

Supported by

Ankita Roychoudhury & Yashodhara Shukla


Practices to ensure Data Protection and opting for best Security practices to prevent data breaches.

Submitted Jan 31, 2022

Privacy is recognised as one of the most important rights conferred on the citizens in the present century. In India, Privacy is recognised as a fundamental right well within the contours of Article 21, in the landmark judgement of K.S. Puttaswamy v Union of India. The aftermath of this led to the formation of the Joint Parliamentary Committee headed by Justice Srikrishna for drafting the Personal Data Protection Bill. The Personal Data Protection bill which is now known as Data Protection Bill derives inspiration from the General Data Protection Regulation (“GDPR”). The GDPR is the ace privacy legislation and has acted as a touchstone for almost all the newly drafted Data Privacy Legislation.
Through the project we wish to undertake for this fellowship programme, we intend to describe the practises that are to be followed particularly by a SaaS (Software as a Service) Company in order to satisfy the GDPR requirements. GDPR applies to the companies that interact with EU citizens, operate in the European Economic Area (“EEA”), employ EU citizens, and engage with companies that engage with EU citizens, thus magnifying the ambit of its applicability. We shall, through this project, provide the practical steps that we took, including but not limited to drafting suitable Cookie Policy, Privacy Policy, Data Processing Agreements, Organisational and Technical measures adopted, Data breach management, and their implementation to display compliance with the GDPR provisions to the very essence of it. The project will provide a tailored solution for “most frequently asked questions” in GDPR compliance-related woes which may be encountered by a SaaS company in the process of managing data breaches. We will try to depict the challenges encountered during the process, and most importantly how to tackle them in order to make a robust and resilient infrastructure that has the data protection principles as prescribed in GDPR, enshrined within.
We see the project becoming tangible in the form of a 2000 words article which shall be completed in accordance with the Milestones prescribed as under :

Milestone 1:- Drafting a Proper Privacy Policy and Cookie Policy for the Product. [ By 28th February 2022]
Drafting a proper Privacy Policy and Cookie Policy helps to achieve the basic compliance that demand conformity, in order to establish congruence with this ace legislation. As a company that provides Software as a Service and also provides services via its other verticals like Frappe School, we shall provide for a comprehensive account attuned to the requirement of a company with a similar business model as ours, and also discuss the relevance of the Cookie Policy whilst commenting on the requirement of a Cookie Banner and how to manage it.

Milestone 2:- Adoption of a Proper Access Control Policy within the Organisation. [By 15th March 2022] As an Open source Enterprise Resource Planning (“ERP”) Solutions Company, we face a deep challenge providing proper and adequate access controls in our Systems. Access control plays a vital role in preventing data breaches and is opted as an important security practice among companies. Under the project, we will try to address the issue of access control within the company and try to opt for the best industry practice to ensure data security and prevent data breaches within the company.

Milestone 3:- Adoption of a Data Retention Policy within the Organisation. [By 30th March 2022] As an ERP Solutions Company, we provide ERP in our Cloud services which entitles us to retain a large amount of data of our customers and our customer’s customers for which we are devising a proper data retention policy within the Company. This policy shall be an internal document that the company has to abide by if the Customer requests for the deletion of their account or any of the data that we are withholding from them. Under the project, we will draft the data retention policy (i.e. within how many days we shall be deleting a particular kind of data and related details) which is adopted by the company and devise a mechanism within the company to ensure that all the departments are aware that such a request has been generated by the Customer. The project will enumerate the step by step procedure adopted as per this policy for dealing with such Customer requests.

Milestone 4:- Opting for a Proper Backup Policy. [By 10th April 2022] To devise a proper backup policy and conduct backup regularly is one of major the major courses of action to prevent loss of data. Since we provide ERP on our Cloud services it is pertinent to devise a proper backup policy that puts out the process of carrying out backups that can be used to restore lost or corrupted data, which can ultimately lessen the financial blow to your organization. In this project, we will try to highlight the measures we have adopted in our Backup policy so that we minimise the loss of data as much as possible.

Milestone 5:- Data Portability. [By 20th April 2022] Data portability is an important requirement for many SaaS companies. It means the ability to move data between different environments and software applications. Very often, data portability means the ability to move data between on-premises data centres and the public cloud, and between different cloud providers. In this project, we will try to highlight how we offer the right to data portability to our customers.

Milestone 6:- Final conclusion and findings [By 30th April 2022]
The project will conclude with suggestions from our end as to what can be improved and where and how the legal lacunas can be dealt with for a holistic data privacy regime.


{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Make a submission

Accepting submissions till 30 Sep 2022, 11:55 PM

Hosted by

Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more

Supported by