SecurePrivacy Logo

Bangladesh Data Protection Act

View Law Text
Maximum Fine
BDT 50M
Scope
National
Regulator
DPO
Enacted
2023

Need Help with Bangladesh Data Protection Act Compliance?

Get expert guidance on implementing Bangladesh's data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Bangladesh Data Protection Act establishes comprehensive requirements for the processing of personal data, with a focus on data localization and protection of citizens' privacy rights.

Key Facts

  • Enacted in 2023
  • Enforced by Data Protection Office
  • Includes strict data localization requirements

Key Principles

Lawful Processing

Personal data must be processed lawfully and with proper authorization.

Requirements

  • Obtain valid consent
  • Identify legal basis
  • Document processing grounds
  • Regular compliance reviews
  • Maintain processing records

Examples

  • Consent mechanisms
  • Legal basis documentation
  • Processing records
  • Compliance reports

Data Security

Implementation of appropriate security measures to protect personal data.

Requirements

  • Implement security controls
  • Regular risk assessments
  • Staff training
  • Incident response plans
  • Security monitoring

Examples

  • Security policies
  • Training programs
  • Incident procedures
  • Monitoring systems

Data Localization

Critical personal data must be stored and processed within Bangladesh.

Requirements

  • Identify critical data
  • Local storage implementation
  • Cross-border transfer controls
  • Regular audits
  • Compliance monitoring

Examples

  • Data classification
  • Storage policies
  • Transfer procedures
  • Audit reports

Compliance Requirements

Registration Requirements

Organizations must register with the Data Protection Office before processing personal data.

Implementation Steps

  • Submit registration application
  • Pay registration fees
  • Document processing activities
  • Maintain registration status
  • Update when changes occur

Required Documentation

  • Registration certificates
  • Payment records
  • Processing inventories
  • Status updates
  • Change notifications

Data Localization Requirements

Critical personal data must be stored and processed within Bangladesh.

Implementation Steps

  • Identify critical data
  • Implement local storage
  • Document data locations
  • Monitor compliance
  • Regular audits

Required Documentation

  • Data classification records
  • Storage location maps
  • Compliance reports
  • Audit logs
  • Review documentation

Enforcement & Penalties

Administrative Penalties

The Data Protection Office can impose administrative penalties for violations of the Data Protection Act.

Penalty Categories

Severe Violations
Up to BDT 50M
For serious breaches of data protection requirements
Processing Violations
Up to BDT 25M
For unauthorized processing of personal data
Registration Failures
Up to BDT 10M
For failure to register or maintain registration

Example Cases

Technology Company
BDT 30M
2023 - Unauthorized data transfers outside Bangladesh
Financial Institution
BDT 20M
2023 - Insufficient security measures leading to data breach

Criminal Penalties

Serious violations may result in criminal prosecution.

Penalty Categories

Intentional Violations
Up to BDT 50M and imprisonment
For deliberate violations of the Act
False Information
Up to BDT 20M
For providing false information to authorities
Obstruction
Up to BDT 15M
For obstructing investigations

Example Cases

Data Breach Case
BDT 40M
2023 - Intentional concealment of major data breach
Compliance Violation
BDT 25M
2023 - Repeated non-compliance with DPO orders