Personal Data Protection Bill: Pakistan To Impose Up to $2 Million Fine for Leaking Data

The Federal Cabinet of Pakistan has granted in-principle approval to the “Personal Data Protection Bill, 2023,” aiming to introduce comprehensive regulations to govern the collection, processing, use, disclosure, and transfer of personal data.

The bill, once enacted, will establish a data protection mechanism and levy substantial fines on individuals and organizations found in violation of its provisions.

ALSO READ: Love, Lies, and Espionage: Pakistani Spies Target Indian Scientists and Soldiers

Establishment of National Commission for Personal Data Protection (NCPDP)

The bill mandates the creation of the National Commission for Personal Data Protection (NCPDP) within six months of its commencement. This commission will be responsible for overseeing and enforcing the provisions outlined in the act.

ALSO READ: Here Is How You Can Protect Your Instagram Account From Phishing Attacks: 6 Tips To Know

Enhanced Data Protection for Individuals

The Personal Data Protection Bill, 2023, places a strong emphasis on respecting the rights, freedoms, and dignity of individuals in connection with the processing of their data. Data controllers and processors must ensure that personal data is collected lawfully, fairly, and with the explicit consent of the individual for specific, legitimate purposes.

Protection of Children’s Data

In recognition of the vulnerability of children’s data, the bill offers extra safeguards to protect their privacy rights. Establishing trust online is vital to fully harness the opportunities presented by the digital economy, and this bill seeks to address this fundamental challenge.

ALSO READ: Yes, iPhones Can Be Hacked And Here’s How To Deal With Hackers

Enforcing Data Protection Obligations

The bill stipulates that all data controllers and processors operating within the territory of Pakistan, whether digitally or non-digitally, must register with the NCPDP. Entities deemed “significant” by the commission will be required to appoint a data protection officer to ensure compliance with data privacy regulations.

Notification of Data Breaches

In the event of a personal data breach, data controllers must notify the NCPDP and affected individuals within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in infringements of data subjects’ rights and freedoms.

Cross-Border Data Transfer

The bill outlines measures to ensure that personal data transferred to entities or systems outside Pakistan’s borders receives adequate protection consistent with the provisions of the act. Critical personal data will only be processed within Pakistan’s territory.

Fines for Violations

The “Personal Data Protection Bill, 2023,” imposes substantial fines on those found guilty of violating its provisions. For offenses related to the processing of personal data, fines can range from $125,000 to $2 million or an equivalent amount in Pakistani rupees, depending on the severity of the breach. Violations involving sensitive or critical personal data may attract higher fines.

Commission’s Authority

The National Commission for Personal Data Protection (NCPDP) has the authority to issue notices to individuals and organizations found to be contravening the provisions of the act. Failure to comply with these notices may result in additional penalties, including the suspension or termination of registration.

Safeguarding Corporate Accountability

In order to hold organizations accountable for data breaches, the bill permits the NCPDP to impose fines not exceeding one percent of their annual gross revenue in Pakistan or $200,000, whichever is higher, or an equivalent amount in Pakistani rupees.

Strengthening Data Protection in the Digital Economy

The Personal Data Protection Bill, 2023, represents a significant step toward enhancing data privacy rights and establishing a framework to foster fair practices in Pakistan’s growing digital economy. Once enacted, the bill will ensure that personal data is treated with the utmost care and respect, safeguarding the rights of individuals, businesses, and the government in an increasingly interconnected world.

The bill is set to come into force within two years of its promulgation, giving individuals and organizations ample time to align their data processing practices with the new regulations. The government’s commitment to data protection is expected to build public trust and confidence in the digital landscape, ultimately fostering a secure and thriving digital ecosystem in the country.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube