Dhaka: The government has issued gazette notifications on two groundbreaking laws-the Personal Data Protection Ordinance, 2025, and the National Data Governance Ordinance, 2025-marking a historic step toward ensuring the privacy, security, and ownership of citizens’ personal data in Bangladesh. The Law, Justice and Parliamentary Affairs Ministry issued separate notifications on the two ordinances on Thursday, according to a press release from the Information and Communication Technology (ICT) Division.
According to Bangladesh Sangbad Sangstha, the Council of Advisers gave final approval to both ordinances on October 9. Under the new ordinances, every citizen has been recognized as the rightful owner of their personal data, making their explicit consent mandatory before the collection, storage, transfer, or use of any data. Besides, sensitive data, including financial, health, genetic, and biometric information, will receive enhanced protection, while violations of data security will incur administrative penalties, compensation, fines, and other punishments. To oversee these provisions, a high-powered national authority has been proposed.
The Personal Data Protection Ordinance establishes citizens’ full ownership over their personal data. Government and private entities will act only as data custodians or processors, not owners. As per the ordinance, citizens will have the right to access, correct, delete, and restrict automated decisions made using their data. The ordinance emphasizes transparency, accountability, and informed consent, in line with international standards, while ensuring strong measures to prevent misuse of data.
The ordinance includes special safeguards for children and minors. Regarding processing data belonging to children or minors, consent must be obtained from a parent or legal guardian, while the new ordinance explicitly prohibits profiling, behavioral tracking, or targeted advertising directed at minors, recognizing the potential risks of digital exploitation.
A National Data Management Authority will be established under the National Data Governance Ordinance, 2025, to effectively manage the citizens’ data across the country. This authority will formulate data policies, ensure legal compliance, and resolve complaints regarding all data, including personal data, guaranteeing security across all national databases and software systems. By maintaining all such source codes through the National Source Code Repository, the state ends the vendor-lock and software-lock situation of all such software. The authority will ensure accountability and discipline of all data custodians, processors, and platforms.
To enable secure and responsible data exchange, a National Responsible Data Exchange (NRDEX) platform will be launched. It will allow government and private institutions to safely share data for approved purposes, reducing duplication, improving interoperability, and easing the process for citizens and data custodians alike. The new ordinance also introduces the concept of a Unified Digital Identity, enabling citizens to securely access multiple government and digital services using a single ID.
Bangladesh’s new data protection frameworks align with global standards on personal data protection. The rights and obligations incorporated into the ordinance are both investment-friendly and provide human rights protection. This will facilitate cooperation in online business, cloud computing, and international technology trade, and accelerate the nation’s overall digital transformation.