• About
  • Advertise
  • Careers
  • Contact Us
Tuesday, June 24, 2025
  • Login
No Result
View All Result
NEWSLETTER
Tech | Business | Economy
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
ADVERTISEMENT
Home News

How European Union’s GDPR Influenced Data Privacy Law in Africa

by Yinka Okeowo
June 2, 2022
in News
0
UBA
Advertisements

The European Union’s (EU) General Data Protection Regulations (GDPR) are considered to be a global standard for the protection of personal information.

Across Africa, many existing data security and protection laws were modelled on the regulations of the EU’s first data privacy legislation – the EU Data Protection Directive (1995), which preceded the GDPR.

Current data protection law in Africa is therefore largely similar to the GDPR, although there are also some significant differences. Businesses with operations in Africa that are already GDPR compliant will find that this is a good first step, with local expertise also essential to ensure compliance with jurisdiction-specific differences in the laws and regulations.

Enid Baaba Dadzie, Senior Associate at Kimathi & Partners in Ghana, notes that Ghana’s Data Protection Act was passed in 2012, ahead of the adoption of the GDPR, so it does not expressly follow the GDPR framework.

However, the Act regulates the collection and processing of personal data through similar principles provided in the GDPR.

Similarly, Sonal Sejpal, Partner at ALN Kenya | Anjarwalla & Khanna notes the provisions of Kenya’s Data Protection Act, 2019 also correspond to those of the GDPR, but are not identical.

Janet MacKenzie, Partner and Head of the IPTech Practice at Baker McKenzie in Johannesburg says the Protection of Personal Information Act (POPIA) was first prepared as a draft bill in 2009, and was based on the EU Directive, which was replaced by the GDPR in 2018.

https://techeconomy.ng/2018/09/gdpr-and-popia-getting-your-organisation-ready-with-the-right-tools/

There are similarities and major differences between POPIA and the GDPR. For example, the GDPR only protects the personal data of natural persons and does not extend its protection to juristic persons, whereas POPIA protects the data of both natural and juristic persons.

Pierre Deprez, an Associate at Nasrollah & Associés Baker McKenzie in Morocco, notes that current data privacy law in Morocco follows the “declarative” framework of the EU Directive n°95/46, which prevailed in Europe before the GDPR was passed.

In Rwanda, both the Law Nº 058/2021 of 13/10/2021 relating to the Protection of Personal Data and Privacy and the draft Regulation Governing use of Personal data in Rwanda 2019 follow the same framework as the GDPR.

According to Emmanuel Muragijimana, Chief Associate at K-Solutions & Partners in Rwanda, “These legislations have some highlighted similarities, including principles relating to processing of personal data, obligations on the companies and organizations in order to ensure the privacy and protection of personal data, providing data subjects with certain rights, and assigning powers to regulators to ask for demonstrations of accountability or to impose fines in cases of non-compliance.”

Arnold Lule Sekiwano, Partner at Engoru, Mutebi Advocates in Kampala, Uganda, says that privacy law in Uganda is also partially based on the GDPR.

“Uganda’s Data Protection and Privacy Act (2019) (Act) aims to protect the privacy of the individual and of personal data and is, in some limited respects, inspired by the GDPR. The Act also mirrors the UK Data Protection Act, 1998, which revolves around several principles concerning data protection and collection. The Act created the personal data protection office in NITA-U, also an independent body synonymous to the UK’s Information Commissioner’s Office, set up under Chapter 6 of the GDPR. One of the main contrasts of Ugandan privacy law with GDPR is the absence of legitimate interest as a legal basis for processing in the Ugandan Act,” he explains.

Ammar Oozeer, Barrister at Law at BLC Robert & Associates explains that in Mauritius, “the Data Privacy Act (DPA) 2017 is aligned with international standards, namely the GDPR and the Convention for Protection of Individuals with regard to Automatic Processing of Personal Data. However, there are certain instances in the DPA 2017 where the provisions are not the same as those contained in the GDPR. For example, the hefty administrative penalties under the GDPR have not been reflected in the DPA 2017, the requirement under the DPA 2017 for controllers and processors to be registered with the Data Protection Office prior to the processing of personal data, and the absence of automatic transfer to countries ensuring an adequate level of protection based on the determination of the Data Protection Office. 

He notes further, “The Mauritian legislator has adopted a criminal regime for sanctioning contravention of the DPA 2017. However, if an individual has suffered prejudice as a result of a breach of the DPA 2017 by a controller or processor, for example, following a personal data breach, the individual may claim damages or that breach under the law of tort.”

https://techeconomy.ng/2021/06/data-protection-regulations-are-major-hurdles-targeted-digital-advertising-will-face-andrew-bourne/

Ammar explains that to attract foreign investors, in particular, from the EU, it is imperative that African countries have robust data protection legislation because data protection is regarded as a fundamental right in the European Union.

Ijeoma Uju, Partner at Templars in Lagos, Nigeria, says that the Nigerian Data Protection Regulation (NDPR), 2019, is significantly modelled after the GDPR, noting that, “both laws are reasonably similar in terms of rationale and core principles. The NDPR and the GDPR both aim to provide data subjects with a certain level of protection regarding their personal data. The material scope of the laws are consistent, with common definitions and principles on processing of personal data in general.

“For example, the GDPR require data controllers to report a data breach within 72 hours after becoming aware of such breach. The same provision can be found in the NDPR implementation framework. Beyond the similarities, both laws also have notable differences. One major difference is the requirement under the NDPR for the filing of data audit reports on an annual basis if certain processing thresholds are met. Additionally, unlike the NDPR, the GDPR is a more unified framework. Although the NDPR and the Data Protection Bill aim to achieve this goal, Nigeria laws on data protection and privacy are currently not as comprehensive or unified,” she notes.

https://techeconomy.ng/2021/06/stakeholders-seek-passage-of-data-protection-bill-to-strengthen-ndpr/

The GDPR has clearly given African governments a yardstick by which to measure and develop their own privacy laws, as well as giving African organisations an international standard to adopt, and thereby maintain the trust of the international community. However, it is also imperative that local expert advice is sought to ensure compliance with country and region-specific laws.

Loading

Advertisements
MTN ADS

Author

  • Yinka Okeowo
    Yinka Okeowo

    View all posts
0Shares
Tags: GDPRNDPRPOPIA
Yinka Okeowo

Yinka Okeowo

Next Post

Commodities Exchange Company, AFEX, Commits to Feeding Additional one million Households

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recommended

Google

AI War: Alphabet to Combine Google Brain and DeepMind

2 years ago
Lagos Govt

#FuelPriceHike: Lagos Govt Extend Work From Home Policy For Another 3 Months Due to Fuel Price Hike

10 months ago

Popular News

    Connect with us

    • About
    • Advertise
    • Careers
    • Contact Us

    © 2025 TECHECONOMY.

    No Result
    View All Result
    • News
    • Tech
      • DisruptiveTECH
      • ConsumerTech
      • How To
      • TechTAINMENT
    • Business
      • Telecoms
      • Mobility
      • Environment
      • Travel
      • StartUPs
        • Chidiverse
      • TE Insights
      • Security
    • Partners
    • Economy
      • Finance
      • Fintech
      • Digital Assets
      • Personal Finance
      • Insurance
    • Features
      • IndustryINFLUENCERS
      • Guest Writer
      • EventDIARY
      • Editorial
      • Appointment
    • TECHECONOMY TV
    • Apply
    • TBS
    • BusinesSENSE For SMEs

    © 2025 TECHECONOMY.

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In
    Translate »
    This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.