Privacy Law at Burundi
As of April 2025, Burundi is in the early stages of developing a comprehensive legal framework for data protection and privacy. While there is no single, unified data protection law akin to the EU's General Data Protection Regulation (GDPR), several existing laws and regulations address aspects of personal data protection.
📜 Key Legal Instruments Addressing Data Protection
Law No. 1/02 of 2009:This law aims to regulate the processing of personal data, establishing principles for the collection, storage, and use of personal information while safeguarding individual rights
Law No. 1/10 of March 16, 2022 (Cybercrime Law):Defines personal data and provides sanctions against individuals and service providers for violations related to personal data
Sector-Specific Laws:
Health Sector:Law No. 1/07 of March 12, 2020, amends the Code of Health Care and Health Services Provision, requiring healthcare institutions to maintain the confidentiality of patient information
Banking Sector:Law No. 1/17 of August 22, 2017, governing banking activities, imposes confidentiality obligations on customer and account information
🏛 Data Protection Authority
Burundi has established the National Commission for the Protection of Personal Data (CNIL), an independent authority responsible for overseeing the enforcement of data protection laws within the countr. The CNIL is tasked with ensuring compliance, investigating breaches, and imposing penalties for non-complianc.
⚖️ Enforcement and Penalties
The CNIL has the authority t: fines and sanctions on organizations found to be non-complian.Provide guidance to organizations on best practices for data handling and processin
🌐 International Alignment
Burundi has ratified the African Union Convention on Cyber Security and Personal Data Protection, adopted in 204This convention aims to harmonize data protection measures across member states, although its full implementation at the national level is still pendig.
✅ Summary
While Burundi is in the process of developing a comprehensive data protection legal framework, existing laws and regulations provide a foundation for personal data protectin The establishment of the CNIL signifies the country's commitment to enhancing data privacy and aligning with international standars.
RELATED Blog
0 comments