Protection of privacy is increasingly a vital necessity in a world that’s becoming more connected.
Understanding this, technology company 99x was among the first companies in Sri Lanka to
conform to and receive the ISO 27701:2019 Privacy Information Management System
certification from DNV GL.
The protection of personally identifiable information (PII) is of utmost importance, and doubly so
to 99x, as a provider of digital solutions to a primarily Scandinavian clientele. The introduction of
the European Union General Data Protection Regulation (GDPR) heightened this requirement.
The groundwork put in by 99x towards maintaining information privacy and security for many
years enabled the company to meet the stringent requirements of this new certification, and
thereby be one of the first in the country to receive it.
“The protection of our customers’ IP has always been a top priority for us. It is a cornerstone of
our long-term engagements with customers as they have always been assured that their data is
safe with us. Recent developments have seen the focus of protecting corporate IP extend to the
protection of individuals’ personally identifiable information (PII). It required a restructuring of
certain internal processes but thanks to our detailed procedures for protecting customer data,
we were able to roll out these changes fluidly across the organisation,” noted Chaminda
Vithanage, Process Manager at 99x.
The need for trust and accountability for personal information is growing in the minds of
customers, consumers and other stakeholders alike. The recent heightened privacy concerns in
relation to the popular messenger app Whatsapp, resulting in a mass exodus of users from the
platform, serves as a timely reminder of the importance of the protection of personally
“Receiving the ISO 27701:2019 Privacy Information Management System certification creates
increased trust and goodwill among our customers, in relation to the services that we provide to
them, which in turn adds more value to our work. It also builds further assurance in the global
outsourcing model and increases their confidence in the Sri Lankan IT industry as a whole to
know that we are able to meet global standards such as this,” added Prasath Mahalingam, Chief
Business Development Officer of 99x.
Companies are required to have the right competence, processes and systems in place, and the
new ISO 27701:2019 certification provides companies with much-needed guidance to do so.
The certification was issued by DNV GL, an international accredited registrar and classification
society headquartered in Høvik, Norway. Providing a risk-based approach, the ISO 27701:2019
certification helps organisations address specific privacy risks faced, as well as risks to personal
data and privacy.
Headquartered in Sri Lanka, 99x is a technology company co-creating well-engineered,
innovative digital products for the Scandinavian market. Its expertise has been proven through a
portfolio of over 150 impactful global digital products developed since 2004, together with leading Independent Software Vendors (ISVs). 99x employs over 350 technology and product
specialists, who are high achievers, creative thinkers and team players. The company is one of
Asia’s Best Workplaces for 2020 and has been named a Best Workplace in Sri Lanka for eight