The number of data protection laws in Africa are increasing. An example, is that the Protection of Personal Information Act (POPI Act) was recently enacted in South Africa.  Many organisations do business (or use the cloud) in many different countries in of the world, including Africa. This means that they transfer personal information across the borders of various African countries. Often personal information also gets transferred from an African country to the EU, UK, the US, Australia or elsewhere. It also means that personal information is often transferred from the EU, UK, the US, Australia or elsewhere to an African country. This raises various issues.

  • Can personal information be transferred to a specific country without taking additional steps? Does the country have laws that provide an adequate level of protection?
  • What are the data privacy laws of the African country? Do they restrict personal information being transferred out of the country once it has gone there?
  • Does the law prohibit (or restrict) a responsible party (or data controller) from using an operator (or data processor) in that African country?
  • Are any requirements imposed on an operator (or data processor)?
  • What are the legal requirements for the lawful transfer of personal information out of that African country?

We have reviewed the data protection laws of many African countries. We can provide you with summaries of them and the relevant source documents and answer your questions regarding these countries.

Why is it important?

  • Know the specific requirements in each country. The laws in different countries vary and there are criminal and civil sanctions for violations.
  • An organization’s global or regional compliance program (or privacy program) must take the laws of all relevant territories into account.
  • Get independent oversight on whether you can use a cloud offering.
  • Ensure the free flow of personal information to support the organisation.

Which African countries?

Angola, Benin, Botswana, Burkina Faso, Cape Verde, Cote D’Ivoire, DRC, Gabon, Ghana, Kenya, Namibia, Mozambique, Mauritius, Mali, Mauritius, Morocco, Qatar, Senegal, Seychelles, South Africa, Tanzania, Uganda, Zambia, Zimbabwe. The laws of Botswana, Namibia, Kenya, and Mauritius, and South Africa are the most important ones.

The data protection laws of African countries

For each country, we set out:

  1. The law
  2. The effective date
  3. Restrictions on export (data sovereignty)
  4. Regulator or authority
  5. Registration with Regulator
  6. Consent required
  7. Justification or legal basis for processing (consent or balance of interest exception)
  8. Breach notification obligation
  9. Registration of databases

How we can help you

We can:

Interested?

If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.