Governments today are establishing a data protection regime that is a fundamental step in developing a broader approach to modern digital governance that protects citizens from harm while supporting useful public and private sector innovation. .

Given this scenario, Sri Lankan lawmakers approved the Personal Data Protection Bill in Parliament in March 2022. The Bill aims to protect the rights of individuals and ensure consumer confidence in the processing personal data. In other words, this information could reside in systems and manuals.

It provides measures to protect the personal data of individuals held by banks, telecommunications operators, hospitals and other personal data aggregation and processing entities, where these entities will be required to collect personal data only to specified purposes and for no other purpose.

The bill will seek to define the roles and responsibilities of the various chains in the use, storage and processing of data and also provides for a sanction in the event of non-compliance, which would be subject to the nature and extent of disrespect. As such, organizations large and small that fall within the scope of the law are required to conduct their data processing and related activities as specified in the bill,

Organizations will therefore be obliged to implement appropriate measures to prevent unauthorized access to sensitive and confidential information, prevent malicious cyberattacks, accidental loss or deletion of any confidential data.

This involves putting in place a strong data security strategy centered on people, process and technology, integrated into the culture of the company and the processes.

Organizations will also need to ensure that employees are trained to understand the importance of securing sensitive and confidential information, as well as to implement the right technology to guard against malicious and accidental data loss. In this context, PwC intends to play a key role in helping the boards of organizations to adapt to the requirements of the bill and to ensure that companies have a data privacy compliance program in place, as well as appropriate processes and controls.

Helping companies on their journey to comply with multiple data privacy laws in a routine way, they will offer a full range of preparations for data protection regulatory changes, from assessing the scope and gaps to Implementation.

These include services offered in Privacy Assessment Services, Personal Data Governance, Contract Assessment, Privacy Awareness and Individual Rights Management, Privacy Enhanced Security, privacy framework review, privacy strategy consulting, privacy program development, structure, roles and operating model, data flow mapping, inventory cataloging and classification, impact assessment on data privacy, global data transfer strategies and data retention policies.

Underlining the importance of local businesses transitioning to the new privacy regime, Nishan Mendis Technology Consulting Leader, PwC Sri Lanka said, “To protect their organizational integrity, it is imperative that businesses make data privacy a priority absolute. Privacy laws have a significant impact on how companies do business. Despite differences in scope, application and enforcement, cybersecurity and data privacy laws should share general requirements and common general objectives. At PwC, we will support our local businesses to create the digital trust that is a very important and essential criterion for the success and integrity of a business today. Vengadasalam Balagobi, Director, Cybersecurity and Privacy Practice Leader at PwC Sri Lanka, added: “Businesses today must be responsible for monitoring and protecting their data on a daily basis. , today’s organizations need new mechanisms to build consumer trust as they address emerging challenges in business, risk management and compliance.

As such, we can help companies put data protection requirements into business context and help develop the steps required to transform privacy programs, with tools and accelerators to facilitate the process.