The recently approved “Personal Data Protection Bill, 2023” in Pakistan spells out strict consequences for mishandling personal data.
Those found guilty of processing, disseminating, or disclosing personal information without proper authorization may face fines reaching up to $2 million or the equivalent amount in Pakistani rupees.
The bill aims to regulate the collection, processing, use, and transfer of personal data, emphasizing the protection of individual data privacy rights. It also establishes the National Commission for Personal Data Protection (NCPDP) to enforce compliance with the new law.
With the rapid growth of digital technology and online activities, safeguarding personal information has become crucial. The bill seeks to ensure that personal data is collected lawfully and used only for specified legitimate purposes. It also mandates entities to register with the Commission and appoint data protection officers for enhanced accountability.
Any breach of personal data must be promptly reported to the Commission and the affected individuals, reinforcing transparency and accountability.
Moreover, when transferring data outside Pakistan, stringent standards must be met to maintain data protection levels.
The bill sets different fines based on the sensitivity of the data involved, with severe penalties for handling critical personal data. Entities failing to implement adequate security measures or comply with the Commission’s orders may also face significant fines.
By enacting this comprehensive legislation, Pakistan aims to cultivate trust in the digital economy and safeguard individuals’ privacy rights in an ever-evolving technological landscape.