What is the Personal Data Protection Act (PDPA)?
The PDPA is a law in Sri Lanka that sets out the rules for collecting, using, storing, and protecting personal data. It applies to both government and private sector organizations.
Who is covered by the PDPA?
The PDPA applies to all organizations, including government agencies and private sector companies, that collect, use, store, or process personal data in Sri Lanka.
What is considered personal data under the PDPA?
Personal data under the PDPA refers to any information that can be used to identify an individual, such as their name, address, email, phone number, and other identifying information.
What are the requirements for obtaining consent for the collection of personal data?
Organizations must obtain consent from individuals before collecting their personal data. This consent must be freely given, specific, and informed. Individuals must be informed of the purpose for which their data is being collected, how it will be used, and who will have access to it.
What are the requirements for protecting personal data under the PDPA?
Organizations must take appropriate measures to protect personal data from unauthorized access, use, disclosure, alteration, or destruction. This may include measures such as encryption, secure storage, and regular security audits.
What are the consequences of non-compliance with the PDPA?
Organizations that violate the PDPA may face fines, legal action, and damage to their reputation. In addition, individuals may have the right to seek compensation for any harm suffered as a result of the unauthorized use of their personal data.
How does the PDPA relate to other laws and regulations in Sri Lanka?
The PDPA is a standalone law, but it may interact with other laws and regulations in Sri Lanka, such as privacy laws, data protection laws, and cybersecurity laws. Organizations must ensure that they comply with all relevant laws and regulations.