CFA Society Sri Lanka collaborate with EY to assess the impact of the Sri Lankan Data Protection Law on the Financial Services Industry 

Sri Lankan Parliament confirmed the enactment of the much-awaited Data Protection Act (DPA) on 10 March, empowering Data Protection Authority to impose penalties of up to Rs. 10 million per non-compliance and providing individuals with ‘data subject rights’ to exercise their ‘Right to Privacy’.

To a large extent, the new privacy law is in-line with global privacy regulations such as EU-GDPR (General Data Protection Regulations) requiring organisations to appoint Data Protection Officer (DPO); process data in a transparent, lawful and fair manner; conduct Data Protection Impact Assessment (DPIA); report breaches to authority and implement appropriate safeguards to protect personal data from unauthorised use, modification and disclosure.

In this context, CFA Society Sri Lanka in collaboration with Ernst & Young will be hosting a panel discussion with Sri Lanka CERT Director and ICTA General Counsel Jayantha Fernando, EY Global Delivery Services Associate Director Nakul Chopra, NDB Capital Holdings Ltd., Head of Compliance Suhadini Wickremasinghe with EY Sri Lanka Senior Director Shanaka De Silva as the moderator on Sri Lanka DPA to provide a viewpoint from industry experts on the salient requirements of the newly enacted privacy regulation, journey of other organisations who have undergone similar transformation due to enactment of EU-GDPR and share insights on privacy framework and methodology organisations should consider.

CFA Society Sri Lanka CFA President Dinesh Warusavitharana commenting on the Panel discussion stated: “The world of finance is progressing through rapidly expanding technological advances resulting in the creation of new business models like crowdfunding, peer to peer lending, digital currencies, mobile banking, online investment, and new-age digital payment systems. The application of intrusive technologies like artificial intelligence, robotic process automation, blockchain, cloud computing has enabled a data-driven culture in the financial services sector. In this context, a discussion on the DPA is of critical importance to assess the impact of it on the industry.”

EY Partner and Head of Consulting Arjuna Herath commenting on the event stated: “With the help of data analytics techniques fintech organisations utilise large sets of personal data (demographic, location, cookies, online purchase history, credit history, etc) as a revenue-generating stream to generate better customer insights, offer personalised products, tailored digital marketing and many more. Additionally, cloud computing has enabled the storage of petabytes of data in online repositories and accelerator processing speed through on-demand computing power. Hence, EY is pleased to be associated with the CFA Society Sri Lanka to enlighten the financial services industry on how to grapple with the DPA in the context of the progressive nature of the industry” 

Board audit committee members, risk committee members, internal audit risk and compliance professionals, human resource personnel, IS/IT professionals, other decision-makers, and interested parties are invited to join this panel discussion organised by the CFA Society Sri Lanka on 8 April at 3:30 p.m.