Sri Lankan lawmakers recently approved the Personal Data Protection Bill in Parliament in March 2022, where the Bill aims to safeguard the rights of individuals and ensure consumer trust in processing of personal data.
The Bill provides measures to protect the personal data of individuals held by banks, telecom operators, hospitals, and other personal data aggregating and processing entities, where these entities will be required to collect personal data only for specified purposes and not for any other purpose.
The bill will seek to define roles and responsibilities of the various chains in the usage, storage and processing of data and also sets a penalty for failure to comply, which would be subject to the nature and the extent of non-compliance. As such, organizations large and small who fall within the scope of the law are bound to conduct their data processing and related activities as specified in the Bill, Organizations therefore will be compelled to implement the appropriate measures to prevent unauthorized access to sensitive and confidential information, prevent malicious cyber-attacks, accidental loss, or the deletion of any confidential data. This involves putting in place a robust data security strategy that centers on people, process and technology which is embedded into the culture of the business and processes.
In this context, PwC intends to play a key role in assisting Organization’s Boards to adapt to the requirements of the Bill and help ensure that companies have a data privacy compliance program in place, along with the right processes and controls.
Nishan Mendis Technology Consulting Leader, PwC Sri Lanka stated “to protect their organizational integrity, it is imperative that companies make data privacy a top priority. Privacy laws have significant impacts on how companies do business. Despite variations in scope, application and enforcement, cyber security and data privacy laws need to share common broad requirements and overarching goals. At PwC we will support our local companies to create digital trust which is a very important and essential criteria today for a company’s success and integrity.”
Vengadasalam Balagobi, Director, Practice Head Cyber Security and Privacy of PwC Sri Lanka added, “businesses today must be accountable for monitoring and protecting their data on a daily basis. Therefore today’s organizations need new mechanisms to build consumer trust and confidence as they address emerging challenges in business, risk management and compliance.”