Friday Jul 03, 2026
Thursday, 2 July 2026 04:11 - - {{hitsCtrl.values.hits}}


The 2nd Data Protection Officer (DPO) Awarding Ceremony was successfully held on 24 June 2026 at BMICH, marking another significant milestone in strengthening Sri Lanka’s data protection and privacy landscape.
This prestigious event brought together key stakeholders, industry leaders, and emerging professionals to celebrate the achievements of a new generation of certified Data Protection Officers. The ceremony was graced by the Chief Guest Data Protection Authority Director General Dimuth Bhashitha Atapattu, whose presence underscored the growing national priority of advancing robust data protection practices and regulatory compliance.
The ceremony follows the success of our inaugural awarding ceremony held in November 2025, where 50 Certified DPOs were honored for the very first time. Together, these two cohorts represent a growing community of highly skilled professionals dedicated to ensuring compliance, trust, and resilience in data governance.
The awarding ceremony not only highlighted the importance of data protection in today’s business and regulatory environment but also underscored the commitment to building a future ready workforce capable of addressing emerging challenges in cybersecurity and privacy
The ceremony also acknowledged the invaluable contributions of the Key Resource Panel, whose expertise and guidance have been instrumental in shaping the learning journey of the graduating officers. The panel comprises General Counsel, DPO, Member of the PDPA Drafting Committee Trinesh Fernando, Nestle Lanka Asst. Director - Legal & Regulatory Affairs/Company Secretary Keerthi Pathiraja, Legal Consultant and Research Fellow in Technology, Media, and Telecommunications Law Ashwini Natesan, DL&F De Saram Consultant Counsel Shenuka Jayalath and Dialog Axiata PLC Assistant Manager – Regulatory Rashmin Tirimanne De Silva
Their collective insights and practical expertise in data governance, legal compliance, and emerging privacy challenges have ensured that participants receive a well-rounded and industry relevant education. As a result, the newly certified officers are well positioned to serve as trusted custodians of organisational data, driving responsible data practices across sectors.
The 2nd DPO Awarding Ceremony stands as a testament to the ongoing efforts to build a strong, compliant, and privacy conscious digital ecosystem in Sri Lanka, reinforcing the nation’s commitment to data protection excellence in an increasingly interconnected world.
Under Sri Lanka’s Personal Data Protection Act No. 22 of 2025 (PDPA), appointing a Data Protection Officer (DPO) is not merely a best practice but a mandatory legal requirement for both government and private sector organisations in specified circumstances. For public authorities, including ministries, government departments, and public corporations, the designation of a DPO is compulsory to ensure compliance with the Act’s provisions. In the private sector, a DPO must be appointed where core processing activities involve regular and systematic monitoring of data subjects or processing of special categories of personal data on a prescribed scale. The DPO serves as the designated guardian of data protection, responsible for advising the organisation on compliance, facilitating staff training, conducting data protection impact assessments, and acting as the primary point of contact with the Data Protection Authority. With the PDPA fully enforced, organisations failing to appoint a qualified DPO where required risk significant penalties and regulatory action.
CICRA Campus continues to lead the way in empowering organisations and professionals to meet global data protection standards. With the PDPA soon going to be in effect, the demand for qualified Data Protection Officers is at an all-time high. Don’t miss this opportunity to become a certified leader in this critical field.
To enroll in the upcoming DPO Training Program and for further details, please contact CICRA today on 0710 600 800.
CICRA and Daily FT have announced the 2nd Data Privacy and Protection Summit 2026, scheduled to take place on 23 July at the Oak Room, Cinnamon Grand, Colombo. This landmark event is designed to equip Sri Lankan organisations, both public and private, with the knowledge, strategies, and tools needed to achieve full compliance ahead of the imminent enforcement of the Personal Data Protection Act (PDPA). As regulatory deadlines approach and cyber threats evolve, this summit serves as a vital platform for businesses to stay ahead of the curve, mitigate risks, and build robust data governance frameworks.
Registration for the summit is now open by visiting www.dataprotectionsummit.lk to register online.
-Pix by Upul Abayasekara