The capabilities to create, use, store, and transfer data has been one of the major and ever-changing developments of the recent decades. However, the challenge is in securely handling the information as data management is becoming increasingly complicated. This is more so because of the cross-border transportation of sensitive personal data, and the multi-jurisdictional and cloud-based storage of data and the involvement of various national and international laws. Therefore, understanding and implementing a legally compliant and practically viable data protection infrastructure is extremely important for companies.
Bangladesh’s data protection and privacy laws are relatively new especially after the introduction of the Digital Security Act on top of the subsisting ICT Act, and in addition to the specific laws, various other domestic laws may also impact data protection and privacy in Bangladesh. Therefore, a comprehensive and clear understanding of all applicable Bangladesh laws is very significant for international companies exchanging any data or information with counterparts.
The Firm has significant experience in counselling international clients on issues related to data protection and privacy in Bangladesh. Our attorneys regularly represent a variety of businesses on a number of complicated transactions, thereby attaining in-depth knowledge about how different industries function, the specific concerns with respect to data and information management, and the practical aspects. The clients range from industries such as banking and insurance, financial institutions, luxury goods, consumer goods, health care, payroll processing companies, pharmaceuticals, telecommunications and internet service providers, credit research agencies, employee screening companies, etc. Our data protection and privacy practice has grown as one of the best practices in Bangladesh, based on the quality of deliverables, practical, clear and timely advice, and the ability to provide comprehensive business solutions in a legally compliant manner. In addition to providing regular legal advice on issues involving data protection and privacy, we also assist a number of international companies on global privacy law projects that involve Bangladesh, drafting and negotiating contracts with counterparts, preparation of Bangladesh law compliant data protection and privacy policies for international companies’ Bangladesh subsidiaries.We provide extensive support to our clients in the following areas:
- Advising on processing data domestically, complying with the regulatory requirements and the disclosure of processing to data subjects.
- Advising on transfers of sensitive personal data within and outside Bangladesh.
- Advising on security breaches and drafting security breach policies.
- International compliance projects including implementing corporate rules and handling cross-border data flows.
- Advising on prosecutions and offences, and on actions by the regulators.
- Conducting audits
A few recent work experiences are outlined below:
- Have advised Alipay and Ant Financial is a large number of matters encompassing data transfer, data privacy, AML regulations etc.
- Microsoft – We have been working for Microsoft since 2012 for various matters including data protection, privacy and information technology laws, statutory requirements and maintenance of the relevant country regulatory framework document in this respect. Recntly we have advised Microsoft on an sensitive project with Bangladesh Govt. in security domain
- Advised Facebook in a number of privacy matters
- Advised Google in a number of privacy matters
- Advises IBM in various cross border data transfer and encryption issues
- Mastercard - We advise Mastercard in cross border exchange of information for subscribers
- Moneygram - We advised Mastercard in cross border exchange of information for subscribers
- UN MHealth Project – We acted in this project for a regulatory analysis of Bangladesh framework on transfer of health information through mobile network locally and globally. Merck was a sponsor to the project along with the United Nations.
- Telenor - We advise Telenor on regular basis on local regulations on access to information, data protection, surveillance by the Government authorities and rights conferred under various laws of Bangladesh.
- Veon - We advise Veon on regular basis on local regulations on access to information, data protection, surveillance by the Government authorities and rights conferred under various laws of Bangladesh. Recently we have advised them in Crossborder transfer of employee, subscriber and network data
- Telstra - We advised Telstra in establishing a global hub in Bangladesh and advised relevant information transfer regulations in collaboration to Tata providing interconnection
- HSBC - We have recently advised HSBC in its creation of service entities within its structure and relevant arrangement with local subsidiaries for supply of services by such entities including regulations on the relevant transfer of subscriber information and financial data.
- Belgacom – Belgacom is a leading global mobile remittance hub. We advised Belgacom on various issues with respect to arrangements with Bangladesh counterparties including regulation on transfer of mobile financial data.
- JLL – Earlier we also advised JLL with respect to a number of bank management contracts which also included advising on bank information security requirements
- Iron Mountain – At the moment we are also working with Iron Mountain on an information maintenance and retention requirements repository project with particular emphasis on the banking sector.
- Baker Hughes - We also advised Baker Hughes with respect to information security and transfer requirements for the hydrocarbon exploration data. Besides we have advised various banks over transfer of information on crossborder basis including Wells Fargo, JP Morgan, Deutsche Bank, Bank of America Merrill Lynch, Noor Bank, Masharek Bank, LGT Bank etc.