Page 22 - KDU Law Journal Volume 4 Issue 2
September, 2024
Obligations of the data fiduciary: Section 8 (4)[43] and (5)[44] of the
act require that the data fiduciary must ensure the security and
integrity of personal data. To ensure security, the data fiduciary
must implement security measures to protect against data breaches
and unauthorized access and maintain detailed records of data
processing activities. Lastly, the act introduces strict penalties for
non-compliance, including hefty fines and potential legal action.
By imposing these consequences, the act seeks to encourage
businesses and organizations to take data protection seriously
and prioritize the privacy rights of individuals. These measures
not only ensure compliance with the act but also serve as a deterrent against
negligence or misconduct in handling personal data. Overall, the
Digital Personal Data Protection Act 2023 represents a significant
step forward in strengthening the rights of individuals in the
digital space and promoting responsible data practices. However,
it comes with several limitations that need continuous review
and refinement. Firstly, the Act grants the government substantial
leeway to exempt any of its agencies from the provisions of the
Act. This raises concerns about the potential for misuse, especially
regarding surveillance and privacy. Secondly, the Act has a limited scope of
applicability: it primarily applies to digital data and does not
comprehensively address non-digital data. In an era where data is
increasingly integrated across digital and physical platforms, this
limitation could leave a significant gap in data protection. Thirdly,
the Act mandates data breach notifications, but it does not specify
stringent timelines or the exact nature of information that must be
disclosed to affected individuals. This lack of specificity can hinder
effective response and remediation efforts.
43 Section 8(4) - A Data Fiduciary shall implement appropriate technical and organizational
measures to ensure effective observance of the provisions of this Act and the rules made
thereunder. Supra note 36.
44 Section (6) - A Data Fiduciary shall protect personal data in its possession or under its
control, including in respect of any processing undertaken by it or on its behalf by a Data
Processor, by taking reasonable security safeguards to prevent personal data breach. Supra
note 34.