EY webinar to examine why corporates need to prepare for Data Protection Act

From left: Ernst & Young Country Managing Partner Manil Jayesinghe, Ernst & Young Partner FAAS Hiranthi Fonseka, Partner | Solicitor Advocate LC Lawyers LLP (Hong Kong Law Firm member of the Global EY network) Kareena Teh and Partner 
D.L.F De Saram Manjula Sirimane

Ernst & Young Country Manager Manil Jayasinghe and Ernst & Young Partner Financial Accounting and Advisory Services Hiranthi Fonseka together with Partner D.L.F De Saram Manjula Sirimane and Kareena Teh – Partner | Solicitor Advocate LC lawyers LLP (Hong Kong Law Firm member of the Global EY network) will host the webinar ‘Are you ready for the Personal Data Protection Act?’ to deliberate how companies can make the fundamental changes proposed by the act.

The session will discuss the salient features of the bill, the regulatory expectations and what it means for businesses on a local and international scale.

Speaking on the PDP Act, Jayesinghe commented that personal data privacy should not be looked at in isolation or as the sole responsibility of information officers. He reiterated that this is an organisation wide project, involving operations, IT, legal and business processes. As the volume of personal data collected increases, so does the responsibility of protecting it. This responsibility becomes a legal obligation once the PDP Act is passed.

Fonseka added that the bill is a much welcome regulation to Sri Lanka’s digital economy, allowing the country to be placed alongside countries following GDPR (General Data Protection Regulation) for example. Drawing in from her experience in digital transformation, Fonseka emphasised the need for early adoption of compliance measures that would require a multi-disciplinary transformational approach. She noted that while the act may seem prohibitive in that it forces companies to reassess and realign the way in which it collects, processes and uses personal data, it is in essence an opportunity for companies to strengthen their risk and governance framework, overall data privacy and cybersecurity.

Published on November 25, 2021, the Sri Lanka Personal Data Protection Bill explicitly defines ‘personal data’ with identifiers such as genetics, mental, cultural, economic, social identity as well as criminal proceedings, children and biometrics being covered. Once enacted the bill gives certain rights to data subjects and makes clear the responsibilities of the data controllers and processes, while also vesting power in a Data Protection Authority to oversee compliance issues, among other tasks. The act goes on to stipulate the appointment and role of the data protection officer in companies processing high volumes of personal data and mandates data flow mapping and data protection impact assessments, while listing the penalties enforceable for non-compliance.

Board audit committee members, risk committee members, internal audit risk and compliance professionals, human resource personnel, IS/IT professional, other decision makers and interested parties are invited to join this webinar organised by the Financial Accounting Advisory Services (FAAS) division of EY on March 29, 2022, from 10:30 a.m. to 11:30 a.m. For registrations contact Thilini Perera on [email protected] or Tel. +94 770623529.