Wednesday Dec 25, 2024
Wednesday, 13 September 2023 00:15 - - {{hitsCtrl.values.hits}}
The Sri Lanka Institute of Directors (SLID) Innovation and Technology committee recently hosted an evening discussion on the Personal Data Protection Act (PDPA).
Heritage Partners Partner and a senior digital lawyer Jayantha Fernando elaborated on events leading to the expeditious enactment of this Act and noted that it will come into effect any time from September 2023 and March 2025 depending on the setting up of the regulator and other pre-requisites being met.
Fernando explained the rationale for this legislation, and the economic benefit that the country stands to derive through the adoption of this Act, he further noted that this was a primary requirement of foreign investors and high net worth individuals. A proper legal framework is needed to secure the privacy of data collected by organisations, this becomes an important element for a digital economy and to foster innovation for business growth and development.
The evening session commenced with a presentation by Ernst & Young (EY) India Associate Director Nakul Chopra and an expert in data privacy and protection. Chopra highlighted the key areas of the PDPA, he articulated the instances where the requirements of the Act will apply to businesses and individuals. Chopra noted that the obligations to protect the data will apply to all businesses irrespective of size and nature of business. He noted that the journey to comply with PDPA should start with an initial privacy risk assessment to gain an understanding of current state and establish a future strategy to respect the ‘right to privacy’.
A global firm specialising in cyber security Scybers’s co-founder Madu Ratnayake highlighted that this act will apply to instances where data is to be sent across borders. He further noted that ensuring privacy and security of data is a key responsibility of any organisation that collects data of individuals. He highlighted the need for setting the tone from the top from the board level to all levels of leaders and, building talent and capacity in the organisation for appropriate use of personal data. Ratnayake further stated that establishing a strong culture that respects privacy and security is essential for going beyond compliance towards building digital trust that will create competitive advantage for companies.
NDB Capital Holdings Head of Compliance Suhadini Wickremasinghe speaking during the panel discussion explained the measures being taken within the financial services industry to ensure privacy of Data. Wickremasinghe opined that the law allows companies to design their own self-governance programs to meet the requirements of the law. She also explained that the law provides the flexibility to companies to implement the law in a way that will help build trust especially in attracting investments from abroad.
The discussion was ably moderated by former Partner and Head of Consultancy at EY Sri Lanka and Maldives Arjuna Herath who is also the Chair of the Innovation and Technology Committee of SLID. He facilitated an insightful Question and Answer session with the audience. It was noted that default in meeting the provisions in the Act can lead to fines being imposed and most crucially loss of business reputation.