Learn Privacy

Know Your Privacy Obligations

Want to check which privacy laws apply to you

Take Privacy Quiz

Check out our quick privacy quiz

Why (DBoM) Data Bill of Materials

The Data Bill of Materials (DBoM) records the ownership, sharing history, storage and collection purpose of a unit of data.

Blogs

Get latest information on data security,
data protection, and data privacy.

Events

Meet us in person or virtually in
upcoming events!

News

Be the first to catch our latest news,
happenings and more.

Follow Us

Products

Privacy Automation

TurtleShield PA (Privacy Automation) automates and streamline privacy-related processes and tasks.

Data Inventory

TurtleShield DI (Data Inventory) automates data asset inventory and performs realistic data mapping.

Privacy Intelligence

TurtleShield PI (Privacy Intelligence) applies the unique oil drilling-like approach to data discovery across the entire data footprint and not just a subset of data.

Data Minimization

TurtleShield DM (Data Minimization) helps you reduce the data and focus on enterprise-centric data.

Assured Deletion

With TurtleShield AD (Assured Deletion) businesses are empowered to comply with mandatory deletion of personal data.

Consent Management

TurtleShield CM (Consent management) is the process of obtaining, tracking, and managing individuals' consent for the collection and processing of their personal data.

Responsible AI

TurtleShield RA (Responsible AI) enables organizations to assess AI risk for internal applications and Third Party softwares utilizing AI.

Training and Awareness

TurtleShield TA (Training and Awareness) provides modern & engaging awareness solutions focused on effective privacy implementations that reach the last mile in your organization.

Solutions
Build Consumer Trust

Responsibility to protect customer data, opportunity to build brand value

Robust Enterprise Security

Implement a data-centric security approach which is aligned to your business-critical data.
Case Study / Use Cases

Fintech/BFSI

E-Commerce

Insurance

Banking

Data Protection (UK)

Heathcare Use Case

Edutech Use Case

TMT Use Case
Privacy Profit Center

Transform privacy from cost center to profit center

Data Minimization

Minimize data, and reduce business risk with data minimization

Industry

Fintech/BFSI

Privacy and meaningful data centric security for your Fintech/BFSI

Healthcare

Importance of data privacy in healthcare organizations

E-commerce

Safeguarding data privacy in E-commerce Industry

Insurance

Navigating data privacy regulations in the Insurance Industry

Edutech

Data protection in EduTech Industry is the need of the hour

Technology, Media &
Telecommunications (TMT)

The importance of data privacy in the TMT Industry

Compliance
Privacy

Data privacy compliance

India (DPDPA)

USA - United States (UCPA)

Europe (GDPR)

Australia - Privacy Act

Bahrain - (PDPL)

Brazil - (LGPD)

Angola - (PDPL)

Ukraine - (PDP)

California - (CCPA)

China - (PIPL)

Colorado - (CPA)

Connecticut - (CTDPA)

Ghana - (DPA)

Irish - (DPA)

Kenya - (DPA)

UK - (DPA)

Russia Fedral Law

Nigeria - (DPA)

Honkong - (PDPO)

Indonesia - (PDP)

Japan - (APPI)

Kuwait - (DPPR)

Malaysia - (PDPA)

Oman - (PDPL)

Philippines - (DPA)

New Zealand Privacy Act

Qatar - (PDPP)

Saudi Arabia - (PDPL)

Singapore - (PDPA)

South Africa - (POPIA)

South Korea - (PIPA)

Srilanka - (PDPA)

Thialand - (PDPA)

Uganda - (DPPA)

Virginia - (CDPA)
Security

Data security compliance

Cyber Security - IRDAI

Reserve Bank - RBI
Sectoral

Sectoral compliance

COPPA

FERPA

HIPAA

Telecom TRAI
Company

About us

Ardent is on a mission to help enterprises implement meaningful security and privacy programs aligned to their business mission; building trust, and protecting data assets.

Pricing

Get pricing aligned to your business needs. Stay data protected with best plans tailored to your needs.

Contact us

Contact us to know more about how Ardent can help you implement a robust privacy program.

Sri Lanka Personal Data Protection Act | Sri Lanka PDPA

Personal Data Protection Act (PDPA) - Sri Lanka

The Parliament of Sri Lanka recently passed the Personal Data Protection Act, No. 9 of 2022, on 19 March 2022. With its passing, Sri Lanka has joined a burgeoning list of countries with data protection regulations in place.

Key Obligations & Consequences

Ensuring that personal data that is processed is accurate and kept up to date, with every reasonable step being taken to erase or rectify any inaccurate or outdated personal data, without overdue delay.

Ensuring that personal data is kept in a form which permits identification of data subjects only for such period which is necessary or required to achieve the purpose for which the data was processed. A controller may store personal data for longer periods if the personal data is being processed further for archiving purposes in the public interest, scientific research, historical research or statistical purposes.

Ensuring integrity and confidentiality by using measures such as encryption, pseudonymisation, anonymisation or access controls in order to prevent the unauthorized or unlawful processing of personal data or loss, destruction or damage of personal data.

Processing personal data in a transparent manner, by providing data subjects with information relating to the collection of data and information regarding any decisions made in relation to requests made by data subjects, in writing or by electronic means and “in a concise, transparent, intelligible and easily accessible form”.

Ensuring that the processor (who is carrying out processing on behalf of the controller) is bound by a contract setting out the parameters of such processing, and is using appropriate technical and organizational measures to protect the rights of the data subjects.

Key Challenges in brief:

Under the DPA, the data controller has to maintain the following key records, amongst others:

Personal data collected (“Data Inventory”)
Retention period for the personal data (“Data Minimization”)
Rights and methods in accessing the personal data (“Data Subject Rights”)

International transfer of personal data

This is permissible under the DPA in a limited number of circumstances. Therefore, the data flow (outgoing personal and sensitive data) ought to be monitored appropriately.

Data Breach notification

Using the centralized database along with the necessary workflow, automate all data breach notifications that alert all the concerned parties, such as the regulatory authorities and affected data subjects, as soon as possible, as well as setting a response plan in action.

Fulfillment of Data Subject rights

Data subjects have a series of rights conferred upon them by the PDPA, for instance right to access, right to withdrawal of consent, right to rectification, right to appeal, right to erasure, individual data subjects raise various requests pertaining to their individual data subject rights.

Data Retention/Minimization/Deletion

PDPA stipulates that an organization should not retain personal data for longer than is necessary to achieve the specified purpose of processing of data. This is subject to the exception of the retention period enshrined under the PDPA. Post mandatory retention period, it has to be erased / deleted.

Key Obligations & Consequences

Key Challenges in brief:

Under the DPA, the data controller has to maintain the following key records, amongst others:

Personal data collected (“Data Inventory”)
Retention period for the personal data (“Data Minimization”)
Rights and methods in accessing the personal data (“Data Subject Rights”)

International transfer of personal data

This is permissible under the DPA in a limited number of circumstances. Therefore, the data flow (outgoing personal and sensitive data) ought to be monitored appropriately

Data Breach notification

Fulfillment of Data Subject rights

Data Retention/Minimization/Deletion

Personal Data Protection Act (PDPA) - Sri Lanka

Key Obligations & Consequences

Key Challenges in brief:

International transfer of personal data

Data Breach notification

Fulfillment of Data Subject rights

Data Retention/Minimization/Deletion

Key Obligations & Consequences

Key Challenges in brief:

Featured News & Blogs

Data Fiduciary Obligations Under India's Digital Personal Data Protection Act, 2023

Maryland General Assembly Passes Maryland Online Data Privacy Act (MODPA)

Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern

The European Parliament Adopts the AI Act (EU AI Act)

Be the first to catch our latest updates,
happenings and more.

Follow us

Solutions

Products

Company

Know Your Privacy Obligations

Take Privacy Quiz

Why (DBoM) Data Bill of Materials

Blogs

Events

News

Follow Us

Know Your Privacy Obligations

Take Privacy Quiz

Why (DBoM) Data Bill of Materials

Blogs

Events

News

Follow Us

Privacy Automation

Data Inventory

Privacy Intelligence

Data Minimization

Assured Deletion

Consent Management

Responsible AI

Training and Awareness

Privacy Automation

Data Inventory

Privacy Intelligence

Data Minimization

Assured Deletion

Consent Management

Responsible AI

Training and Awareness

Build Consumer Trust

Robust Enterprise Security

Case Study / Use Cases

Privacy Profit Center

Data Minimization

Build Consumer Trust

Robust Enterprise Security

Privacy Profit Center

Data Minimization

Case Study / Use Cases

Fintech/BFSI

Healthcare

E-commerce

Insurance

Edutech

Technology, Media & Telecommunications (TMT)

Fintech/BFSI

Healthcare

E-commerce

Insurance

Edutech

Telecommunications

Privacy

Security

Sectoral

Privacy

Security

Sectoral

About us

Pricing

Contact us

About us

Pricing

Contact us

Personal Data Protection Act (PDPA) - Sri Lanka

Key Obligations & Consequences

Key Challenges in brief:

International transfer of personal data

Data Breach notification

Fulfillment of Data Subject rights

Data Retention/Minimization/Deletion

Key Obligations & Consequences

Key Challenges in brief:

Featured News & Blogs

Data Fiduciary Obligations Under India's Digital Personal Data Protection Act, 2023

Maryland General Assembly Passes Maryland Online Data Privacy Act (MODPA)

Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern

The European Parliament Adopts the AI Act (EU AI Act)

Be the first to catch our latest updates, happenings and more.

Follow us

Technology, Media &
Telecommunications (TMT)

Be the first to catch our latest updates,
happenings and more.