Bangladesh has approved two major ordinances designed to strengthen the privacy, security, and ownership of citizens’ personal data as the country prepares to launch a national data exchange platform and unified digital ID system. The Personal Data Protection Ordinance, 2025, and the National Data Governance Ordinance, 2025, were formalized on October 9, marking a significant step toward aligning with global standards such as the EU’s GDPR and India’s Digital Personal Data Protection Act.
A National Responsible Data Exchange (NRDEX) platform will enable secure data sharing between public and private organizations, while the Unified Digital Identity system will allow citizens to access government services with a single ID. Similar reforms are taking place in Sri Lanka, which is advancing its own data protection rules and digital ID efforts with Indian support.
The Personal Data Protection Ordinance establishes citizens as the rightful owners of their personal data and requires explicit consent for collection, storage, transfer, and use. It grants individuals the right to access, correct, delete, and restrict automated decisions involving their data. Sensitive categories such as financial and health information receive enhanced protections, and children’s data faces strict safeguards, including mandatory parental consent and a ban on targeted advertising. Violations will lead to administrative penalties and fines.
The National Data Governance Ordinance sets up a national data management authority to define policies, oversee compliance, address complaints, and maintain a National Source Code Repository to prevent vendor lock-in and ensure accountability across data processors and custodians.
Together, these laws aim to strengthen human rights, boost investor confidence, and promote cross-border digital business, reinforcing Bangladesh’s broader digital transformation agenda.
