TheArtOfService
Cross-Framework Mapping

Sri Lanka Personal Data Protection Act (No. 9 of 2022)vsFTC GLBA Safeguards Rule (16 CFR Part 314)

See exactly how Sri Lanka Personal Data Protection Act (No. 9 of 2022) controls map to FTC GLBA Safeguards Rule (16 CFR Part 314). Pre-computed mappings, identified gaps, and coverage analysis.

8
Controls Mapped
28
Gaps Found
19%
Coverage

According to the TheArtOfService Compliance Knowledge Graph:

Sri Lanka Personal Data Protection Act (No. 9 of 2022) maps to FTC GLBA Safeguards Rule (16 CFR Part 314) with 19% coverage across 7 directly mapped controls. Analysis of 36 Sri Lanka Personal Data Protection Act (No. 9 of 2022) controls identifies 29 compliance gaps — primarily concentrated in Part II - Rights of Data Subjects.

Source: TheArtOfService Knowledge Graph | 36 controls analysed | 715 frameworks | 415K+ cross-framework mappings

Control Mappings

Showing 8 of 8 mapped controls across 6 domains. Sign up to explore all 415K+ mappings across 715 frameworks.

Part III - Controller and Processor Responsibilities(3 mappings)

SLPDPA-10Data Breach Notification2 targets
FTC-Safeguards-IR-Plan-BoardReporting-FTC-NotificationWritten Incident Response Plan + Board Reporting + FTC Breach Notification (16 CFR 314.4(h), (i), (j))
FTC-Safeguards-Scope-DefsScope, Definitions and Financial Institution Applicability (16 CFR 314.1, 314.2)
SLPDPA-9Data Protection Management Program
FTC-Safeguards-9-Elements9 Safeguard Elements - Access, Inventory, Encryption, Secure-Dev, MFA, Disposal, Change-Mgmt, Monitoring, Pen-Test (16 CFR 314.4(c))

Part IV - Direct Marketing(1 mappings)

SLPDPA-11Consent for Direct Marketing
FTC-Safeguards-Scope-DefsScope, Definitions and Financial Institution Applicability (16 CFR 314.1, 314.2)

Part V - Data Protection Authority(1 mappings)

SLPDPA-13Establishment of Authority
FTC-Safeguards-9-Elements9 Safeguard Elements - Access, Inventory, Encryption, Secure-Dev, MFA, Disposal, Change-Mgmt, Monitoring, Pen-Test (16 CFR 314.4(c))

Exemptions and Penalties(1 mappings)

SLPDPA-16Penalties (Part VII)
FTC-Safeguards-9-Elements9 Safeguard Elements - Access, Inventory, Encryption, Secure-Dev, MFA, Disposal, Change-Mgmt, Monitoring, Pen-Test (16 CFR 314.4(c))

Part I - Legal Principles for Processing(1 mappings)

SLPDPA-2Legal Bases for Processing (Section 5)
FTC-Safeguards-Scope-DefsScope, Definitions and Financial Institution Applicability (16 CFR 314.1, 314.2)

Part II - Rights of Data Subjects(1 mappings)

SLPDPA-5Right to Object and Access
FTC-Safeguards-Scope-DefsScope, Definitions and Financial Institution Applicability (16 CFR 314.1, 314.2)

Related Comparisons

Other Sri Lanka Personal Data Protection Act (No. 9 of 2022) comparisons

Sri Lanka Personal Data Protection Act (No. 9 of 2022) vs Florida Digital Bill of Rights (FDBR)7 mappingsSri Lanka Personal Data Protection Act (No. 9 of 2022) vs Azure Security Benchmark7 mappingsSri Lanka Personal Data Protection Act (No. 9 of 2022) vs LGPD7 mappingsSri Lanka Personal Data Protection Act (No. 9 of 2022) vs Law No. 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data7 mappingsSri Lanka Personal Data Protection Act (No. 9 of 2022) vs Rwanda Law No. 058/2021 Relating to the Protection of Personal Data7 mappingsSri Lanka Personal Data Protection Act (No. 9 of 2022) vs Kuwait Data Privacy Protection Regulation (KDPPR, 2021 - CMA Directive)7 mappingsSri Lanka Personal Data Protection Act (No. 9 of 2022) vs Laos Law on Prevention and Combating Cybercrime (2015)7 mappingsSri Lanka Personal Data Protection Act (No. 9 of 2022) vs Saudi PDPL7 mappings

Other FTC GLBA Safeguards Rule (16 CFR Part 314) comparisons

HKMA Cyber Resilience Assessment Framework (C-RAF) vs FTC GLBA Safeguards Rule (16 CFR Part 314)6 mappingsNIST AI Risk Management Framework (AI RMF 1.0) vs FTC GLBA Safeguards Rule (16 CFR Part 314)6 mappingsNIST AI 600-1: Generative AI Profile vs FTC GLBA Safeguards Rule (16 CFR Part 314)6 mappingsSwitzerland FADP vs FTC GLBA Safeguards Rule (16 CFR Part 314)6 mappingsBarbados Data Protection Act 2019 vs FTC GLBA Safeguards Rule (16 CFR Part 314)6 mappingsISO/IEC 27557:2022 - Organisational Privacy Risk Management vs FTC GLBA Safeguards Rule (16 CFR Part 314)6 mappingsBahrain PDPL vs FTC GLBA Safeguards Rule (16 CFR Part 314)6 mappingsLaos Law on Prevention and Combating Cybercrime (2015) vs FTC GLBA Safeguards Rule (16 CFR Part 314)6 mappings

Stop Paying Consultants to Read Spreadsheets

AI-powered compliance intelligence across 715 frameworks — at a fraction of consulting costs.

$0/forever

Free

  • 715 framework browser
  • Cross-framework mappings (415K+)
  • 824 compliance assessments
  • 3 AI queries & searches per day
Get Started Free
Recommended
$49/month

Professional

  • Unlimited AI Compliance Advisory
  • Unlimited full-text search
  • Framework self-assessment
  • PDF, Excel & CSV exports
Start 7-Day Free Trial →

Popular framework comparisons

NIST CSF vs NIST 800-53ISO 27001 vs NIST CSFCMMC vs NIST 800-53FedRAMP vs NIST 800-53NIST CSF vs SOC 2HIPAA vs NIST 800-53ISO 27001 vs SOC 2ISO 27001 vs ISO 27701

What are the key differences between Sri Lanka Personal Data Protection Act (No. 9 of 2022) and FTC GLBA Safeguards Rule (16 CFR Part 314)?

Sri Lanka Personal Data Protection Act (No. 9 of 2022) has 36 controls across its framework, while FTC GLBA Safeguards Rule (16 CFR Part 314) covers 11 controls. Direct mapping analysis identifies 7 overlapping controls (19% coverage). The frameworks diverge most significantly in Part II - Rights of Data Subjects, where 3 Sri Lanka Personal Data Protection Act (No. 9 of 2022) controls have no direct FTC GLBA Safeguards Rule (16 CFR Part 314) equivalent.

How many controls map between Sri Lanka Personal Data Protection Act (No. 9 of 2022) and FTC GLBA Safeguards Rule (16 CFR Part 314)?

Of 36 total Sri Lanka Personal Data Protection Act (No. 9 of 2022) controls, 7 map directly to FTC GLBA Safeguards Rule (16 CFR Part 314) controls — representing 19% coverage. The remaining 29 controls represent compliance gaps requiring additional documentation or compensating controls to satisfy both frameworks simultaneously.

What are the compliance gaps when mapping Sri Lanka Personal Data Protection Act (No. 9 of 2022) to FTC GLBA Safeguards Rule (16 CFR Part 314)?

29 Sri Lanka Personal Data Protection Act (No. 9 of 2022) controls have no direct equivalent in FTC GLBA Safeguards Rule (16 CFR Part 314). The highest concentration of gaps is in Part II - Rights of Data Subjects with 3 unmapped controls. These gaps represent areas where additional controls, policies, or documentation must be created to achieve compliance with both frameworks.

Which control domains have the most gaps between Sri Lanka Personal Data Protection Act (No. 9 of 2022) and FTC GLBA Safeguards Rule (16 CFR Part 314)?

The domain with the highest gap count is Part II - Rights of Data Subjects (3 gaps). Export the full domain-by-domain gap breakdown via the Professional tier to generate a prioritised remediation roadmap.

Related Resources

How to Map Controls Across Frameworks|Multi-Framework Compliance Guide|Compliance Glossary

This platform provides educational compliance tools, not legal, regulatory, or professional compliance advice. Cross-framework mappings are AI-assisted interpretations and do not reproduce or replace official standards. Framework names and trademarks belong to their respective owners. Consult qualified professionals for your specific compliance requirements. See our Terms of Service.