Pakistan: Announced Pakistan Personal Data Protection Bill containing data protection measures

The draft Personal Data Protection Bill is approved by the Pakistan Federal Cabinet to be debated by the legislature. The National Commission for Personal Data Protection (NCPDP) is established as the main enforcer of data protection prescriptions. According to the Bill, users must be notified and give their consent when their personal data is collected, used for a purpose different from the collection purpose or disclosed to a third party. Data controllers shall take steps to protect personal data and ensure that they are accurate, complete, and updated, and the retention of data shall be proportional to the purposes of the collection. Moreover, data controllers shall notify the NCPDP in case of a relevant data breach within 72 hours. Users have the right to: be informed about the processing of their personal data; access or have a copy of their personal data processed by a data controller (under the payment of a fee), request correction or erasure of such data, withdraw the consent to personal data processing. Finally, data controllers must keep a record of any notice, request or breach concerning personal data.