Page 35 - JDPA Volume 02, Issue 02
P. 35
Journal of Defence & Policy Analysis Volume 02, Issue 02, December 2023
THE PERSONAL DATA PROTECTION ACT (PDPA)
NO. 9 OF 2022.
Waruna Danapala
Analysis of the key points
Waruna Danapala
The Personal Data Protection Act (PDPA) No. 9 of 2022.
1. The Personal Data Protection Act (PDPA) No. 9 of 2022 mainly focuses on
overseeing the handling of personal data.
2. Its primary objective is to recognize and enhance the rights of individuals,
ensuring the safeguarding of their personal information.
3. Establishment of the ‘Data Protection Authority’ (DPA).
4. The implementation of the PDPA will occur gradually over 18 to 36
months, involving phased operationalization to construct a comprehensive
compliance framework.
5. The PDPA - officially certified on 19/03/2022
This law is intended to apply to,
1. Any personal data handled by controllers or processors on or after the
Act’s effective date.
2. All personal data that’s physically recorded or personal data which is
manually is processed by controllers or processors.(This stands as a miscon-
ception assuming that it’s only applied for digital data).
3. Digital or electronically processed data by controllers or processors.
4. Personal data of both living and deceased individuals, whether citizens or
non-citizens.
Why should we protect personal data?
The Personal Data Protection Act (PDPA) No. 9 of 2022 outlines provisions
to safeguard the personal data held by various entities such as government
bodies, banks, telecom operators, and hospitals. The primary objective is to
ensure the protection of individuals’ personal data, preventing its misuse for
economic, commercial, or informational purposes. Striking a careful balance
in handling personal data is crucial to protect individual interests without
hindering broader operations.
Faculty of Defence and Strategic Studies, General Sir John Kotelawala Defence University, Sri Lanka
25
