Sri Lanka Personal Data Protection Act (No. 9 of 2022)
The Sri Lanka Personal Data Protection Act No. 9 of 2022 establishes a comprehensive data protection framework for Sri Lanka. It creates the Data Protection Authority of Sri Lanka, establishes data processing principles, individual rights, and obligations for controllers and processors. Applies to processing of personal data of individuals in Sri Lanka. Implementation phased over 18 months from commencement.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (5)
Breach
| Code | Title |
|---|---|
| SRILANKA-5 | Breach + Enforcement |
Governance
| Code | Title |
|---|---|
| SRILANKA-4 | DPO + Governance |
Rights
| Code | Title |
|---|---|
| SRILANKA-2 | Consent, Notice, Rights |
Scope
| Code | Title |
|---|---|
| SRILANKA-1 | Scope, Lawful Basis (Sri Lanka) |
Security
| Code | Title |
|---|---|
| SRILANKA-3 | Security and Cross-Border |
Frequently Asked Questions
What is Sri Lanka Personal Data Protection Act (No. 9 of 2022)?
Sri Lanka Personal Data Protection Act (No. 9 of 2022) is a compliance framework from Sri Lanka with 5 domains and 5 controls. The Sri Lanka Personal Data Protection Act No. 9 of 2022 establishes a comprehensive data protection framework for Sri Lanka. It creates the Data Protection Authority of Sri Lanka, establishes data processing principles, individual rights, and obligations for controllers and processors. Applies to processing of personal data of individuals in Sri Lanka. Implementation phased over 18 months from commencement. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Sri Lanka Personal Data Protection Act (No. 9 of 2022) have?
Sri Lanka Personal Data Protection Act (No. 9 of 2022) has 5 controls organised across 5 domains. The largest domains are Breach (1 controls), Governance (1 controls), Rights (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Sri Lanka Personal Data Protection Act (No. 9 of 2022) map to?
Sri Lanka Personal Data Protection Act (No. 9 of 2022) does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with Sri Lanka Personal Data Protection Act (No. 9 of 2022) compliance?
Start your Sri Lanka Personal Data Protection Act (No. 9 of 2022) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Sri Lanka Personal Data Protection Act (No. 9 of 2022) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 5 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required