Personal Data

Protection Bill

2021
Introduction
The world has become Global Village
All the data has gone online
Data has become commodity.
Data is the new oil.
OVERVIEW
1) This bill consists of 8 chapters.
2) Chapter 1 deals with naming the bill plus defining important
terminologies used in the bill.
1) This bill has been named Personal Data Protection Act, 2021.
2) It extends to the whole of Pakistan.
3) Important terminologies such as
1) Data Controller
2) Data processor
3) Data Subject
3) As Article 14 of constitution of Pakistan is the basis of this bill
CHAPTER 2
1) It tells us about obligations of Data controller and Data Processor.
2) It includes
1) Protection of Personal Data.
2) Requirements to Collect and Process Data.
3) Cross Border Transfer of Personal Data.
CHAPTER 3
1) Deals with Rights of Data Subjects.
2) It includes
1) Right to Access
2) Right to Correct Personal Data
3) Extent of Disclosure of Personal Data
4) Right to Erasure
5) Rights of Foreign Data Subject
CHAPTER 4
• 1) It deals with Processing Of Personal Data.
• 2) “personal data” means any information that relates directly or
indirectly to a data subject, who is identified or identifiable from that
information or from that and other information in the possession of a
data controller and/or data processor, including any sensitive personal
data.
CHAPTER 5
1. Whenever data controller
1. Receives personal data from data subject first time, it is called “
first collection”
2. while on subsequent occasion it is called “Subsequent collection”
3. time laps between first and subsequent collection should be 12 month

2. Exemptions should be granted to those individuals possesses personal

data when personal data processed for
1. Prosecution of offender
2. Prevention or detention of crime
3. Collection of tax or duty
CHAPTER 6
1. After six months of this act, Federal Government establishes a commission
named NCPDP
2. This commission has 5 members
3. Its functions are
• responsible for protection of interest of data subject
• takes steps to raise public awareness about personal data
• filling of complaints against infringement of these rights under this act
• engage, facilitate, support data controller
• monitor cross-boarder personal data transfer
• take appropriate steps in response to data security breach
• more over it has power to punish those organizations who violate the rules and has
strict penalties against them
CHAPTER 7
1) It deals with complaint and offences.
2) Unlawful Processing of personal Data leads to fine upto fifteen million to
25 million
3) Failure to adopt appropriate data security measures leads to a fine upto
five million rupees
4) Failure to comply with orders of commission leads to 2.5 million
5) In corporate exercises the fine may be 1 percent of Annual Gross Revenue
or 30 million rupees
6)Appeal against the decision of High Court should be referred to the high
court and decision will be made within 90 days
CHAPTER 8
1) Commission can make rules and regulations for various functions
• For its internal working
• For its appointment
• For promotion.
• For termination

2) In case of any difficulty arises Federal Government will resolve the issue
within two years.
3) No provision of any law relating to winding up of bodies corporate shall
apply to the Commission. The Commission shall only be wound up by the law
to be enacted by the Parliament for winding up of the Commission
CRITICISM
1. PDP has following flaws:
• Overly broad powers for the government.
• lack of safeguards for freedom of expression and privacy.
• citing vague definitions.
2. They called for the withdrawal of the bill and the development of
new legislation in consultation with civil society and the technical
community.
3. Other organizations, such as Human Rights Watch and the
Electronic Frontier Foundation, have also criticized the bill.
CONCLUSION
• The report concludes by emphasizing the importance of effective
implementation and enforcement to ensure the success of the bill.
• The act is still in draft form, but it is a good example of the types of
privacy laws that are being adopted around the world in response to
the growing threat to privacy posed by the collection and use of
personal data by businesses and governments.
 RECOMMENDATION

Organization should Regulators should Encourage cooperation Establish a strong Launch public education Provide adequate
take steps to comply ensure enforcement of to solve new difficulties regulatory framework initiatives to make resources to training and
with Data protection bill the bill  in data protection people aware of their awareness programs
rights
‫‪POETRY BY ALLAMA IQBAL‬‬

‫کامیابی اُس کی ہے جو محنت کر سکے‬

‫ناکام وہی ہے جو کوشش چھوڑ دے‬

‫گاہی و ہنر‪ ،‬دونوں کے ساتھ جاؤ‬

‫کامیابی کی راہ میں تباہی نہ الؤ‬