šµš° Pakistan
Informations
Extracts :
Extract :
No mention of the subject rignt related to Citizens outside their jurisdiction
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
No mention of the subject rignt related to Persons within their jurisdiction
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
No mention of the subject rignt related to Legal entities
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
No mention of the data controller's obligation/responsibility to Organizations located outside the jurisdiction processing regulated subjects data.
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
"Section 48.7: In case of failure of the data controller or data processor, as the case may be, to respond to the NCPDP or to execute its orders, the NCPDP may initiate enforcement proceedings as per rules prescribed under the Bill."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"The legal person shall be punished with fine not exceeding 1% of its annual gross revenue in Pakistan or PKR 30 million [(approx. ā¬151,300)], whichever is higher, provided that such punishment shall not absolve the liability of the individual who has committed
the offence."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"The legal person shall be punished with fine not exceeding 1% of its annual gross revenue in Pakistan or PKR 30 million [(approx. ā¬151,300)], whichever is higher, provided that such punishment shall not absolve the liability of the individual who has committed
the offence."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"Within the banking sector, the Payment Systems and Electronic Funds Transfers Act, 2007 provides for the secrecy of financial institutions' customer information; violation is punishable with imprisonment or a financial fine, or both. For the telecoms industry, the Telecom Consumer Protection Regulations, 2009 confer on subscribers of telecoms operators the right to lodge complaints for any illegal practices with the Pakistan Telecommunication Authority, "illegal practices" being a broad term which includes, inter alia, illegal use of personal data of subscribers."
Reference :
ICLG Website
Link to reference Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
"The Bill does not provide for claims or causes of action.
Under the right to prevent processing likely to cause damage or distress, Section 25.4 provides that, 'Where the data subject is dissatisfied with the failure of the data controller to comply with the data subject notice, whether in whole or in part, under Section 25.3(b), the data subject may submit a complaint to the [NCPDP] to require the data controller to comply with the data subject notice.'
[Note: Section 25 provides for the right to prevent processing likely to cause damage or distress.]"
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"Unauthorised access to information system or data
Section 3 of PECA states that whoever with dishonest intention gains unauthorised access to any infor- mation system or data will have committed an offence and shall be punished with imprisonment for a term which may extend to three months, or with a fine which may extend to PKR 50,000 (approx. ā¬230), or with both.
Unauthorised copying or transmission of data
Section 4 of PECA provides that whoever, with dishonest intention and without authorisation, copies or otherwise transmits or causes to be transmitted any data shall be punished with imprisonment for a term which may extend to six months, or with a fine which may extend to PKR 100,000 (approx. ā¬460), or with both.
Interference with information system or data
Section 5 of PECA refers to the offence of illegal interference with information systems or data, such that whoever with dishonest intention, interferes with, or damages, or causes to be interfered with or damage any part or whole of an information system or data shall be punished with imprisonment for a term which may extend to two years, or with a fine which may extend to PKR 500,000 (approx. ā¬2,280), or with both.
Critical infrastructure information system or data
Section 6 of PECA refers to the offence of unauthorised access to any critical infrastructure information system or data, which is punishable with imprisonment for a term which may extend to three years, or with a fine which may extend to PKR 1 million (approx. ā¬4,570), or with both.
ļ·
Section 8 of PECA provides that interference with or damage caused to such critical infrastructure infor- mation system or data shall be punished with imprisonment for a term which may extend to seven
Section 7 of PECA provides that unauthorised copying or transmission of such critical infrastructure data shall be punished with imprisonment for a term which may extend to five years, or with a fine which may extend to PKR 5 million (approx. ā¬22,820), or with both.
years, or with a fine which may extend to PKR 10 million (approx. ā¬45,660), or with both."
2022
Reference :
Pakistan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Unlike the GDPR, the Bill does not establish DPIA requirements and only generally notes that the NCPDP
may consider addressing DPIA at a later date."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
There is no comment by DataGuidance.
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"Section 13.1: In the event of a personal data breach, the data controller shall, without undue delay and where reasonably possible, not beyond 72 hours of becoming aware of the personal data breach, notify the NCPDP and the data subject in respect of the personal data breach except where the personal data breach is unlikely to result in a risk to the rights and freedoms of data subject."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"Section 13.1: In the event of a personal data breach, the data controller shall, without undue delay and where reasonably possible, not beyond 72 hours of becoming aware of the personal data breach, notify the NCPDP and the data subject in respect of the personal data breach except where the personal data breach is unlikely to result in a risk to the rights and freedoms of data subjec"
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"Section 13.5: The data processor shall also follow the personal data breach notification requirements provided under this section in the event of becoming aware of a personal data breach."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
"Section 23 of the Bill provides that a data subject may by notice in writing withdraw his or her consent
to the processing of personal data in respect of which he or she is the data subject. The data controller
shall, upon receiving such notice, cease the processing of the personal data.
Section 25(1) of the Bill states that a data subject may, at any time by notice in writing to a data controller, require the data controller at the end of such period as is reasonable in the circumstances:"
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"The data subjects have the right to data portability"
Reference :
ICLG Website
Link to reference Extracts :
Extract :
ā8.7. Right not to be subject to automated decision-making
Section 28 of the Bill protects the data subject's right to not be subject to a decision based solely on automated
processing, including profiling.ā
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.1. Right to be informed
Section 16 of the Bill provides that an individual is entitled to be informed by a data controller whether
personal data of which that individual is the data subject is being processed by or on behalf of the data
controller."
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.1. Right to be informed
Section 16 of the Bill provides that an individual is entitled to be informed by a data controller whether
personal data of which that individual is the data subject is being processed by or on behalf of the data
controller."
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.2. Right to access
Section 16(2) of the Bill provides that a Requestor may upon payment of a prescribed reasonable fee on
administrative cost make a data access request to the data controller:
ā¢ for information of the data subject's personal data that is being processed by or on behalf of
the data controller; and
ā¢ to have communicated to him or her a copy of the personal data in an intelligible form."
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.3. Right to rectification
Section 19 of the Bill provides that a data subject may request the correction of his/her personal data
where:
ā¢ a copy of the personal data has been supplied by the data controller in compliance with the
data access request, and the requestor considers that the personal data is inaccurate, incomplete,
misleading, or not up-to-date; or
ā¢ the data subject knows that his or her personal data being held by the data controller is inaccurate,
incomplete, misleading, or not up-to-date."
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.4. Right to erasure
Section 27 of the Bill provides the data subject with the right to obtain the erasure of personal data concerning
him or her from the data controller without undue delay and the data controller shall have the
obligation to erase personal data within 14 days where at least one of the following conditions applies"
2021
Reference :
Pakistan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
"The Bill does not address this matter."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"There is no express requirement in the Bill; however, while discussing the power of the National Commission for Personal Data Protection of Pakistan, the Bill confers upon it the power to formulate responsibilities of the Data Protection Officer. Therefore, the proposed National Commission for Personal Data Protection of Pakistan, when established, will devise the appointment requirements."
Reference :
ICLG Website
Link to reference Extracts :
Extract :
"The Bill does not address this matter."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"The Bill does not refer to DPOs beyond generally providing that the NCPDP may address such matters in the form of a compliance framework, as well as in relation to breach notifications to the NCPDP under Sections 13.3(b) and 34(2)(c) (viii)."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
"The Bill does not address this matter."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
Extracts :
Extract :
"There is no express requirement in the Bill; however, while discussing the power of the National Commission for Personal Data Protection of Pakistan, the Bill confers upon it the power to formulate responsibilities of the Data Protection Officer. Therefore, the proposed National Commission for Personal Data Protection of Pakistan, when established, will devise the appointment requirements."
Reference :
ICLG Website
Link to reference Extracts :
Extract :
"Section 13.1 provides that the requirement to notify a breach applies, except where the personal data breach is unlikely to result in a risk to the rights and freedoms of data subject."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
Extract :
Extracts :
Extract :
Extract :
Extracts :
Extract :
Extract :
Extracts :
Extract :
Extract :
Extracts :
Extract :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The Bill does not provide specific exemptions from record keeping."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - PAK
Extracts :
Extract :
| Name | Short name | Classification | Jurisdiction | Year of creation |
|---|---|---|---|---|
| Pakistan Telecommunication Authority (PTA) | PTA | Regulator | Independant agency | 1994 |
| Legal text name | Original text name | Legislation type | Year signed | Regulation status | In effect since | Latest update initiated | Latest update areas | Latest update signed year |
|---|