run-SG-PDPA-001
Source Trace
Digital Security Act 2018 · BD-DSA-2018 · 7 verified · 1 pending · 1 fuzzy-matched
8 clauses mapped across 8 indicators
Legend: solid fill = verified · hatched = pending · striped = fuzzy OCR match
Extracted text (Crawl4AI + Docling)
DIGITAL SECURITY ACT, 2018
Government of Bangladesh · Act No. 46 of 2018
Part I — Preliminary
§2 — Definitions
In this Act, unless the context otherwise requires: ‘personal data’ means any information relating to an identified or identifiable natural person; ‘digital security’ means protective measures for digital infrastructure.
§3(1) — Agency mandate
The Digital Security Agency shall be responsible for the protection of critical digital infrastructure and national security against digital threats and cyberattacks.
Part II — Personal Data Obligations
§12(3) — Lawful basis
No person shall process personal data without the explicit consent of the data subject, except as provided under sections 14, 15 and 18 of this Act.
§14(1) — Purpose limitation
Data collected for a specific purpose shall not be used for any other purpose without the express consent of the data subject, unless required by law.
§21(1) — Data subject rights
A data subject shall have the right to obtain confirmation of whether personal data concerning them is being processed, and where that is the case, access to that data.
Part V — Crimes and Punishments
§26(1) — Data localization
Any person who, intentionally or knowingly without lawful authority, collects, sells, takes possession of, supplies or uses any person's identity-related information, shall not save such data, including biometric information, photographs, financial records or registry information, outside the geographic boundaries of Bangladesh.
§29(1) — Conditional transfer
Cross-border transfer of personal data may be permitted subject to the prior approval of the competent authority and the existence of adequate safeguards.
§33(2) — Hacking offences
Any person who commits hacking or any illegal access to a computer system with intent to commit another offence under this Act shall be punished accordingly.
§35(1) — Breach notification
The controller shall notify the supervisory authority of a personal data breach without undue delay and, where feasible, not later than seventy-two hours after having become aware of it.
[End of mapped clauses — remaining sections pending classification]
Source document (official text) · bdlaws.minlaw.gov.bd
DIGITAL SECURITY ACT, 2018
Government of the People's Republic of Bangladesh
Part I — Preliminary
Section 2. Definitions. — In this Act, unless the context otherwise requires, the following expressions shall have the meanings hereinafter assigned to them…
Section 3. (1) The Digital Security Agency shall be responsible for the protection of critical digital infrastructure and national security against digital threats and cyberattacks.
Part II — Personal Data Obligations
Section 12. (3) No person shall process personal data without the explicit consent of the data subject, except as provided under sections 14, 15 and 18 of this Act.
Section 14. (1) Data collected for a specific purpose shall not be used for any other purpose without the express consent of the data subject, unless required by law.
Section 21. (1) A data subject shall have the right to obtain confirmation of whether personal data concerning them is being processed, and where that is the case, access to that data.
Part V — Crimes and Punishments
Section 26. (1) Any person who, intentionally or knowingly without lawful authority, collects, sells, takes possession of, supplies or uses any person's identity-related information, shall not save such data, including biometric information, photographs, financial records or registry information, outside the geographic boundaries of Bangladesh.
Section 29. (1) Cross-border transfer of personal data may be permitted subject to the prior approval of the competent authority and the existence of adequate safeguards.
Section 33. (2) Any person who commits hacking or any illegal access to a computer system with intent to commit another offence under this Act shall be punished accordingly.
Section 35. (1) The controller shall notify the supervisory authority of a personal data breach without undue delay and, where feasible, not later than seventy-two hours after having become aware of it.