DLA Piper Intelligence

Data Protection
Laws of the World

Law

Pakistan
Pakistan

There is, at the date of publication, no legislation regulating the protection of data in Pakistan. 

Last modified 26 Jan 2018
Law
Pakistan

There is, at the date of publication, no legislation regulating the protection of data in Pakistan. 

Last modified 26 Jan 2018
Definitions

Definition of personal data

In the absence of any legislation regulating the protection of data in Pakistan, the term ‘personal data’ is undefined.

Definition of sensitive personal data

In the absence of any legislation regulating the protection of data in Pakistan, the term ‘sensitive personal data’ is undefined.

Last modified 26 Jan 2018
Authority

There is no national data protection authority in Pakistan.

Last modified 26 Jan 2018
Registration

Data controllers or collectors do not need to register with any authority.

Last modified 26 Jan 2018
Data Protection Officers

Organisations in Pakistan are not required to appoint a data protection officer.

Last modified 26 Jan 2018
Collection & Processing

Data controllers can collect and process personal data under any conditions.

Last modified 26 Jan 2018
Transfer

Although the transfer of data to third parties is not specifically regulated under the laws of Pakistan, data cannot be transferred from Pakistan to a country which is not recognised by Pakistan. Pakistan currently does not recognise Israel, Taiwan, Somaliland, Nagorno Karabakh, Transnistria, Abkhazia, Northern Cyprus, Sahrawi Arab Democratic Republic, South Ossetia and Armenia. This list may change from time to time. Furthermore, data can only be transferred to India if such a transfer can be justified by the transferor.

Besides being regulated by contractual terms, data collated by, inter alia, banks, insurance firms, hospitals, defence establishments and other ‘sensitive’ installations/institutions cannot be transferred to any individual/body unless it is transferred with the permission of the relevant regulator or similar bodies on a confidential basis. Additionally, in certain cases data cannot be transferred without the permission of the relevant client/customer.

Please note however that in the case of banks/ financial institutions, the secrecy of banking transactions must be maintained.

Last modified 26 Jan 2018
Security

Data controllers do not have to fulfil any security requirements.

Last modified 26 Jan 2018
Breach Notification

Data security breaches or losses do not have to be reported or notified to any body or individual.

Last modified 26 Jan 2018
Enforcement

In the absence of any legislation in the sphere of data protection no body or entity enforces any law. Enforcement and appropriate relief may however be sought through courts of law having jurisdiction in the matter.

Last modified 26 Jan 2018
Electronic Marketing

There is, at the date of publication, no subsisting legislation regulating electronic marketing in Pakistan. Please note that an earlier law promulgated in this regard has since lapsed. 

Last modified 26 Jan 2018
Online Privacy

The Prevention of Electronic Crimes Act, 2016 has criminalized, amongst other things: unauthorized access to information systems or data; the unauthorized copying or transmission of data; the unauthorized use of identity information; and "offences against the dignity of a natural person", which includes transmitting informatin through an information system which "harms the reputation or privacy of a natural person". However, there is no law specifically regulating the manner in whcih an individual's private information may be stored or transmitted online. 

%MCEPASTEBIN%%MCEPASTEBIN%

Last modified 26 Jan 2018
Contacts
Darakhshan Sheikh Vohra
Darakhshan Sheikh Vohra
Partner
T +9221 3583 5101 – 104
Ali Qaisar
Ali Qaisar
Associate
T +9221 3583 5101-104
Last modified 26 Jan 2018