Bangladesh Data Protection Act
View Law TextNeed Help with Bangladesh Data Protection Act Compliance?
Get expert guidance on implementing Bangladesh's data protection requirements and ensuring ongoing compliance for your organization.
Get Expert HelpOverview
The Bangladesh Data Protection Act establishes comprehensive requirements for the processing of personal data, with a focus on data localization and protection of citizens' privacy rights.
Key Facts
- Enacted in 2023
- Enforced by Data Protection Office
- Includes strict data localization requirements
Key Principles
Lawful Processing
Personal data must be processed lawfully and with proper authorization.
Requirements
- Obtain valid consent
- Identify legal basis
- Document processing grounds
- Regular compliance reviews
- Maintain processing records
Examples
- Consent mechanisms
- Legal basis documentation
- Processing records
- Compliance reports
Data Security
Implementation of appropriate security measures to protect personal data.
Requirements
- Implement security controls
- Regular risk assessments
- Staff training
- Incident response plans
- Security monitoring
Examples
- Security policies
- Training programs
- Incident procedures
- Monitoring systems
Data Localization
Critical personal data must be stored and processed within Bangladesh.
Requirements
- Identify critical data
- Local storage implementation
- Cross-border transfer controls
- Regular audits
- Compliance monitoring
Examples
- Data classification
- Storage policies
- Transfer procedures
- Audit reports
Compliance Requirements
Registration Requirements
Organizations must register with the Data Protection Office before processing personal data.
Implementation Steps
- Submit registration application
- Pay registration fees
- Document processing activities
- Maintain registration status
- Update when changes occur
Required Documentation
- Registration certificates
- Payment records
- Processing inventories
- Status updates
- Change notifications
Data Localization Requirements
Critical personal data must be stored and processed within Bangladesh.
Implementation Steps
- Identify critical data
- Implement local storage
- Document data locations
- Monitor compliance
- Regular audits
Required Documentation
- Data classification records
- Storage location maps
- Compliance reports
- Audit logs
- Review documentation
Consent Management
Organizations must obtain and manage valid consent for data processing.
Implementation Steps
- Implement consent mechanisms
- Record consent collection
- Enable withdrawal options
- Regular consent reviews
- Update consent records
Required Documentation
- Consent forms
- Collection records
- Withdrawal procedures
- Review logs
- Update history
Enforcement & Penalties
Administrative Penalties
The Data Protection Office can impose administrative penalties for violations of the Data Protection Act.
Penalty Categories
Example Cases
Criminal Penalties
Serious violations may result in criminal prosecution.