The Data Protection Bill in Sri Lanka, modeled after the EU's GDPR, aims to address data privacy concerns by introducing "privacy by design" and granting new rights to data subjects. It applies to international businesses, including tech giants like Meta and Google. The bill also introduces data residency and sovereignty concepts. While it's expected to enhance data protection, implementing data residency requirements for complex IT systems may pose challenges. Overall, the bill is a positive step for Sri Lanka, attracting tech investments and improving data protection in the digital age.