View All - 2022 Acts Section No : Acts & Ordinances PERSONAL DATA PROTECTION ACTMarginal Notes1. Short Title and date of operation2. Application of this Act3. The provisions of this Act to prevail in case of any inconsistency4. Compliance with the data protection obligations5. Obligation to process personal data in a lawful manner6. Obligation to define a purpose for personal data processing7. Obligation to confine personal data processing to the defined purpose8. Obligation to ensure accuracy9. Obligation to limit the period of retention10. Obligation to maintain Integrity and confidentiality11. Obligation to process personal data in a transparent manner12. Accountability in the processing of personal data13. Right of access to personal data14. Right of withdrawal of the consent and the right to object to processing15. Right to rectification or completion16. Right to erasure17. Grant or refusal of rectification, completion, erasure or refrain from further processing18. Automated individual decision making19. Right of appeal of the data subjects to the Authority and the process of determination of such appeal20. Designation or appointment of the Data Protection Officer21. Additional obligations of a controller22. Additional obligations of the processors23. Personal Data breach notifications24. Personal data protection impact assessments25. Measures to mitigate risks of harm and the requirement for prior consultation26. Cross-border data flow27. Solicited messages to data subjects by controllers28. Establishment of the data Protection Authority29. Constitution of the Board of Directors30. Chairperson of the Board31. Objects of the Authority32. Powers of the Authority33. Duties and functions of the Authority34. Authority may issue licences35. Directives made by the Authority36. Appointment of the Director- General37. Staff of the Authority38. Imposition of penalties39. Matters to consider when imposing a Penalty40. Exemptions, restrictions or derogations41. Fund of the Authority42. Financial year and Audit of Accounts43. Power to borrow44. Delegation of powers, duties and functions of the Authority45. Delegation of powers, duties and functions by the Director-General46. Expenses to be paid out of the Fund of the Authority47. Review of the performance of the Authority48. Annual Report49. Protection of officers of the Authority from suit or prosecution50. All officers and employees of the Authority deemed to be public servants for the purposes of Penal Code51. Authority deemed to be a scheduled institution for the purposes of Bribery Act52. Rules53. Regulations54. Official Secrecy55. Removal of difficulties56. Interpretation57. Sinhala text to prevail in case of inconsistency