Data Protection in Sri Lanka

Security in Sri Lanka

The PDPA does not prescribe the specific technical measures or standards that ought to be implemented but requires the adoption of appropriate technical and organizational measures to ensure security that is commensurate to the risk of the processing activity.

Nonetheless, it provides insight into such technical and organizational measures by setting out that such measures include encryption, pseudonymization, anonymization or access controls. 

Moreover, the PDPA also requires processors of personal data to have in place such technical and organizational measures, and ensure that their personnel data are bound by contractual obligations of confidentiality and secrecy.

Continue reading

  • no results

Previous topic
Back to top