Data privacy has changed from being an option to a necessity. “We’re at a pivotal stage when it comes to protecting data,” Founder and CEO of Enprivacy Ranuk Mendis asserted, during a recent LMDtv interview.

He added: “We’ve seen countries such as Singapore, Malaysia and Indonesia introducing stringent data privacy regulations and compliance processes. If Sri Lanka gets its data privacy compliance right, we can set ourselves up as a main competitor in the region.”

Sri Lanka has passed legislation to ensure data privacy through the Personal Data Protection Act No. 9 of 2022.

Mendis explained that “the new law that’s come into force provides us with an effective platform to work off and many organisations are learning how it will impact their businesses.”

“Sri Lanka is currently in a bridging phase as it’s transitioning from a regulation to actual implementation. We need to understand the operational processes, what it means in terms of day-to-day activities, and also the responsibilities of both the organisations and individuals as well,” he pointed out.

Navigating the complexities and intricacies of data privacy requires resources and talent.

Mendis opined: “Sri Lanka has a very strong talent pool in engineering, legal expertise and compliance. However, there needs to be some upskilling when it comes to implementation, and regular running of data privacy programmes and process.”

He added: “The road map is quite long; it begins with comprehension and a mindset change. To achieve this, people need to learn what data protection actually constitutes, what data privacy means and their responsibility in achieving it. It’s possible that users will need to be guided along this road map if it’s to be implemented efficiently.”

Mendis also spoke about the resource requirement for data privacy implementation: “The investment may feel like a burden but data privacy processes provide organisations with great opportunities as they will open up many doors internationally too. There’s also a value add to businesses from an ROI perspective.”

Sri Lanka has much to learn from regional case studies such as Singapore and Malaysia. To this end, he explained that “one lesson is how the region is adapting to data privacy – especially with the increasing use of AI.”

He also explained that “Sri Lanka should learn from other countries in the region and start developing opportunities for itself too. We must ensure that we aren’t perceiving data privacy as a risk and rather, as an opportunity.”

Mendis emphasised: “If you want to do business in the future and hope to transform as a business, data privacy is no longer simply a check box. It is becoming a core component of organisational transformation as it takes a business to the next level. The foundational pillars of digital transformation are data privacy and security.”

Several data breaches in the country and region have highlighted the impact of data privacy risks on both organisations and brands. Individuals are also becoming more concerned about their data, who holds it and what they do with it.

“If an organisation can inform its users about how it’s protecting their data, that’s a good basis for building trust and moving forward,” he elaborated. Nurturing a culture of trust and accountability in organisations is necessary to enable successful data protection.

Mendis continued: “Many organisations have taken it upon themselves to conduct training and awareness raising among its employees to establish the necessary measures to ensure data protection. This cultural shift will take place only when people understand that data protection is more than a legal check box and is instead, part and parcel of the brand and reputation of the organisation.”

“If an enterprise wants to be a global or regional player, data privacy is a focus area that needs to be incorporated as a key function within the business,” he concluded.