🚀 Quick Start in 4 Steps
Understand PDPA Requirements
Sri Lanka's Personal Data Protection Act (No. 9 of 2022) requires organizations to protect personal data. Key obligations include obtaining consent, implementing security measures, and reporting breaches within 72 hours.
Learn about PDPA →Review the Implementation Guide
Our 5-phase implementation guide takes you from planning to continuous monitoring. Each phase includes detailed tasks, templates, and best practices.
View Implementation Guide →Download Templates & Tools
Access ready-to-use policy templates, data classification guides, and Sri Lankan data patterns (NIC, passport, bank account formats).
Browse Resources →Start Implementation
Begin with Phase 1 (Planning) to secure stakeholder buy-in, conduct gap analysis, and build your implementation roadmap.
Start Phase 1 →First Time Implementing DLP?
We recommend following our structured approach rather than jumping straight into technical implementation. Start by understanding your data, building stakeholder support, and creating clear policies.
View Complete ChecklistTimeline
Complete implementation typically takes 6-12 months depending on organization size and complexity.
- Phase 1: 0-2 months
- Phase 2: 2-4 months
- Phase 3: 4-6 months
- Phase 4: 6-9 months
- Phase 5: Ongoing
Team Size
Recommended team composition for successful DLP implementation.
- Project Sponsor (C-level)
- Data Protection Officer
- IT/Security Lead
- Legal/Compliance Officer
- Department Champions (3-5)