Personal Data Protection Authority progresses with Board appointment

Tuesday, 10 October 2023 00:56 -     - {{hitsCtrl.values.hits}}

  • Ex-E&Y fame Arjuna Herath made Chairman

President Ranil Wickremesinghe has initiated the appointment of a Board of Directors for the Sri Lanka Personal Data Protection Authority, established with the primary objective of safeguarding personal data within the nation. In a significant milestone for data protection in South Asia, Sri Lanka›s Personal Data Protection Act No. 9 of 2022 (‹PDPA›) has been making strides toward full implementation. .

The act, certified by the Speaker on 19 March 2022, aims to safeguard personal data held by various entities, including Government bodies, banks, telecom operators and hospitals.

This legislation, the first of its kind in South Asia, was developed through a transparent process, with draft versions made available for public comment from June 2019. The PDPA is set to be implemented in phases, with Part V brought into operation through a Gazette notification on 21 July 2023. 

This crucial step allowed the Government to appoint the Board of Directors, comprising seven individuals with expertise in engineering, accounting/finance, law and regulatory affairs.

Leading the Board of Directors is Ernst & Young in Sri Lanka and the Maldives former Consulting Leader and Senior Chartered Accountant Arjuna Herath. Other notable members include Attorney-at-Law and Former State Counsel Nisith Abeysooriya, President›s Counsel Saumya Amarasekera, Digital Law Expert and PDPA drafting Committee Chair Jayantha Fernando, Additional Secretary to the President Dr. Sulakshana Jayawardana, ISO Lead Auditor and Technology Management specialist Bimsara Seneviratne and Electronics Engineer /Digital Strategy specialist Shehan Wijetilaka.

The PDPA assumes paramount importance in light of the Government and private sector›s digital strategies, along with global privacy law developments. It is expected to attract investment and promote the digital economy, aligning with the National Digital Strategy and the Sri Lanka Unique Digital Identity (SL-UDI) project.

President Ranil Wickremesinghe highlighted the need for data protection in his November 2022 Budget Speech, promising the establishment of the Data Protection Authority in 2023. This independent regulator will collaborate with various sectoral regulators to ensure the proper governance of personal data.

Currently, the Board of Directors is in the deliberation and planning phase for the creation of the Data Protection Authority. The first step involves recommending the operation of Part VIII (Fund of the Authority) and Part IX of the Act to design the organisational framework, recruitment procedures and roles of key officers, including the Director General.

To meet the Act›s enforcement deadline of 19 March 2025, the Authority plans to formulate policy frameworks and regulations. It will hold public consultations and engage with advisory committees representing key sectors of the economy and other stakeholders to ensure comprehensive and effective data protection measures.

The Authority is set to commence public consultations and awareness campaigns once it has the necessary capacity, a process expected to take several months. Sri Lanka is on its way to establishing a robust framework for personal data protection in the digital age, making strides toward safeguarding citizens› privacy and promoting trust in the digital ecosystem.

 

 

COMMENTS