Sri Lanka made history as the first South Asian country to enact independent legislation for personal data protection with the Personal Data Protection Act No. 9 of 2022 (PDPA). This crucial legislation draws from international best practices across Europe, the United States and Asia, formulating a robust foundation for safeguarding personal data. In order to ensure compliance, legal frameworks will not suffice - they must be supported by comprehensive policy frameworks, regulations and technological safeguards.
The Data Protection Authority of Sri Lanka was established under the PDPA, in August 2023, to regulate personal data processing and protect individuals' privacy. This authority is committed to ensuring that all entities, both public and private, adhere to the legal obligations set out in the Act. By securing personal data and promoting regulatory compliance, the Authority aims to foster growth and innovation in Sri Lanka's digital economy, ensuring that digital transactions and communications are both safe and trusted.
| Data Protection Act SL | |||||||||
Why Data Protection Matters
Protecting Privacy
Your right to privacy means your personal data is protected and cannot be disclosed without your consent.
Preventing Crime
Protecting your data helps prevent crimes such as identity theft.
Enabling Innovation
When data is protected, it is easier for companies to create new and innovative solutions.
Trust in Digital Services & Businesses
When companies protect data, people’s trust increases. This trust is key for businesses to succeed online.
Fairness, Transparency and Anti-Discrimination
Fair and transparent data practices ensure you are not subject to bias or discrimination.
Partnerships & Collaborations
