Published :
Updated :
For all latest news, follow The Financial Express Google News channel.
The government has formally clarified that the newly finalised Personal Data Protection Ordinance (PDPO) does not impose a blanket obligation to store all personal data within Bangladesh, rebutting claims made in a recent newspaper article.
The special assistant to the Chief Adviser on posts, telecommunications and ICT, Faiz Ahmad Taiyeb, stated in an open letter to the country's digital community on Friday that the claim of compulsory, hundred per cent data localisation was "entirely incorrect" and based on an "outdated draft" prepared under a previous administration.
The letter explains that Bangladesh has adopted a cloud-first policy rather than a localisation-first model, allowing data to be stored and processed abroad provided that digital platforms remain legally accountable to Bangladeshi jurisdiction.
Taiyeb stressed that the PDPO introduces a modern governance structure in line with international standards and does not restrict cross-border data flows, except in cases involving a narrow category of restricted personal data such as NID, biometric records, voter rolls, date of birth or core banking identifiers.
Even in those cases, overseas processing is permitted as long as legal accountability to Bangladeshi courts is preserved.
He said the ordinance has been drafted following a wide-ranging consultation process with domestic and international stakeholders.
The upcoming authority under the law is designed not only to oversee implementation of the PDPO but also to serve as a broader mechanism for inter-ministerial data governance and coordination inside government.
Taiyeb urged industry actors to refrain from speculation and misinterpretation, emphasising that all commitments made during consultations had been upheld in the final text.
He also dismissed another claim circulating in the media that the law imposes a penalty equivalent to five per cent of a company's global turnover, clarifying that no such provision exists in the final version.
The government has provided an eighteen-month transition period for organisations to comply with the new framework.
Taiyeb argued that a stronger data governance regime has become unavoidable, given that personal information of more than fifty million Bangladeshi citizens has already appeared on the dark web and the local software industry has lost international contracts due to weak data compliance safeguards.
Calling the reforms "a national necessity", he said the government welcomes open dialogue with technology stakeholders, including local and foreign business councils, and that additional clarification sessions will be organised before the end of the current tenure.
bdsmile@gmail.com