BoD appointed to Personal Data Protection Authority

The Board of Directors for Sri Lanka Personal Data Protection Authority, established with the primary objective of safeguarding personal data has been appointed by President Ranil Wickremesinghe. 

In a significant milestone for data protection in South Asia, Sri Lanka’s Personal Data Protection Act No. 9 of 2022 (‘PDPA’) has been making strides toward full implementation. The act, certified by the Speaker on March 19, 2022, aims to safeguard personal data held by various entities, including government bodies, banks, telecom operators and hospitals, according to a statement issued by President Media Division.

This legislation, the first of its kind in South Asia, was developed through a transparent process, with draft versions made available for public comment since June 2019. The PDPA is set to be implemented in phases, with Part V brought into operation through a gazette notification on July 21, 2023. This crucial step allowed the government to appoint the Board of Directors, comprising seven individuals with expertise in engineering, accounting/finance, law and regulatory affairs.

Leading the Board of Directors is Arjuna Herath, a Senior Chartered Accountant and former Consulting Leader of Ernst & Young in Sri Lanka and the Maldives. Other notable members include Attorney-at-Law and Former State Counsel Nisith Abeysooriya, President’s Counsel Saumya Amarasekera, Digital Law Expert & Chair of the PDPA drafting Committee Jayantha Fernando, Additional Secretary to the President Dr. Sulakshana Jayawardana, ISO Lead Auditor and Technology Management specialist Bimsara Seneviratne and Electronics Engineer and Digital Strategy specialist Shehan Wijetilaka.