The Data Protection Authority (DPA) is an independent body governed by a Board of Directors
and managed by a Director-General (CEO), who is appointed by the Board. The DPA is
entrusted with the following mandates:
a) Regulating the processing of personal data in accordance with the Personal Data Protection Act (PDPA).
b) Safeguarding the privacy of data subjects from adverse impacts resulting from the digitalization of procedures and services in both the public and private sectors.
c) Implementing mechanisms to protect the personal data of individuals involved in digital transactions and communications.
d) Ensuring regulatory compliance with the PDPA to support growth and innovation in the digital economy.
The PDPA grants the DPA extensive powers, including those related to rulemaking, advisory functions, handling complaints, oversight, authorization, licensing, investigation, correction, enforcement and raising awareness.
Additionally, the DPA is responsible for ensuring compliance with data protection obligations under international conventions, managing technical cooperation and exchanges with foreign data protection authorities and international or inter-governmental organizations, either independently or on behalf of the government.
a) Regulating the processing of personal data in accordance with the Personal Data Protection Act (PDPA).
b) Safeguarding the privacy of data subjects from adverse impacts resulting from the digitalization of procedures and services in both the public and private sectors.
c) Implementing mechanisms to protect the personal data of individuals involved in digital transactions and communications.
d) Ensuring regulatory compliance with the PDPA to support growth and innovation in the digital economy.
The PDPA grants the DPA extensive powers, including those related to rulemaking, advisory functions, handling complaints, oversight, authorization, licensing, investigation, correction, enforcement and raising awareness.
Additionally, the DPA is responsible for ensuring compliance with data protection obligations under international conventions, managing technical cooperation and exchanges with foreign data protection authorities and international or inter-governmental organizations, either independently or on behalf of the government.
The DPA at a glance – The Mandate
Regulation
(a) to regulate the processing of personal data in
- accordance with the provisions of this Act;
Protection
(b) to safeguard the privacy of the data subjects from
- any adverse impact arising from the digitalization of the procedures and services in the public and private sector;
(c) to provide for mechanisms to ensure the protection
- of personal data of data subjects engaged in digital transactions and communications;
Compliance
(d) to ensure the regulatory compliance with the
- provisions of this Act to facilitate for the growth and innovation in digital economy.