Mandate, Mision Statement & Values

The DPA is mandated to:

1. regulate the processing of personal data in accordance with the PDPA;
2. safeguard the privacy of data subjects from any adverse impact arising from the digitalization of the procedures and services in the public and private sectors;
3. provide for mechanisms to ensure the protection of the personal data of data subjects engaged in digital transactions and communications;
4. ensure regulatory compliance with the provisions of PDPA to facilitate growth and innovation in the digital economy.

The PDPA provides comprehensive powers to the DPA, including rule-making, advisory, awareness-raising, oversight, authorization, licensing, complaint handling, investigative, corrective and enforcement powers

The DPA of Sri Lanka is also tasked to ensure compliance with data protection obligations under international conventions and manage technical cooperation and exchange with foreign DPAs and international or inter-governmental organizations, on its own behalf or on behalf of the government.

We aspire to enhance public trust in the protection of personal data, while facilitating digitalization and economic growth, and fostering responsible innovation.