Page 36 - JDPA Volume 02, Issue 02
P. 36
Journal of Defence & Policy Analysis Volume 02, Issue 02, December 2023
Comparison to international standards
The Sri Lankan Personal Data Protection Act (PDPA) No. 9 of 2022 is influ-
enced by international standards such as Convention 108 and the GDPR,
which establish a global standard for personal data protection.
Personal Data –
Personal Data means any information that can identify a data subject directly or
indirectly, by reference to
(a) An identifier such as a name, an identification number, financial data,
location data or an online identifier (i.e. name, NIC,
phone number, postal address, credit card number, IP address, data related
to GPS etc.); or
(b) One or more factors specific to the physical, physiological, genetic, psy-
chological,economic, cultural or social identity of that individual or natural
person (e.g. photograph,biometrics, social security data, employee numbers
etc.)
Challenges:
• Institutionalizing an organization-wide culture in the state and non-state sector
institutions of treating personal data - both legally and ethically.
.1. The potential ambiguity between cyber security/cyber safety vs protec-
tion of personal data (safeguarding the rights of
‘data subjects’ – citizens)
2. Need for more professionals around DP – policy, legal,
technical and managerial aspects.
Trust
1. An important element in the digital space, especially when the govt and
any other private/public organization are in the
process of digital transformations
2. Consumer/citizen’s trust underpins the success of such digital transfor-
mation strategies.
3. The PDPA can reinforces the trust factor, enabling increased adoption of
digital services which could result in more innovation, through its princi-
ples of accountability, data quality,
transparency etc.
Faculty of Defence and Strategic Studies, General Sir John Kotelawala Defence University, Sri Lanka
26
