Privacy Law at Guinea
Guinea's data protection and privacy framework is primarily governed by Law No. L/2016/037/AN, enacted on July 26, 2016, titled Cybersecurity and Protection of Personal Data. This legislation establishes comprehensive guidelines for the collection, processing, and storage of personal data, aiming to safeguard individuals' privacy in the digital era.
Key Provisions of Guinea's Data Protection Law
1. Consent and Lawful Processing
Prior Authorization Processing of personal data, especially sensitive categories such as genetic, medical, biometric, or data intended for scientific research, requires prior authorization from the competent authority, which is the Ministry of Health and Public Hygien.
Legitimate Bases for Processing Processing is considered legitimate if the data subject provides explicit prior consent or if processing is necessary for compliance with a legal obligation, the performance of a public interest task, contract execution, or to safeguard the data subject's rights and freedom
2. Rights of Data Subjects
Individuals in Guinea have the following rights concerning their personal data:
Right to Access Individuals can request information about the processing of their personal dat.
Right to Rectification Individuals can request corrections to inaccurate or incomplete personal dat.
Right to Erasure Individuals can request the deletion of their personal data under certain condition.
Right to Restrict Processing Individuals can request limitations on how their data is processed in specific situation
Right to Data Portability Individuals can obtain and reuse their personal data across different service.
Right to Object Individuals can object to the processing of their personal data in certain circumstance.
3. Obligations of Data Controllers
Transparency Data controllers must inform data subjects about the specific purposes of data processing, the categories of data concerned, recipients of the data, the right to refuse inclusion in the data file, the existence of rights to access and rectify data, the data retention period, and any potential transfer of data to third countrie
Data Security Implement appropriate technical and organizational measures to protect personal data against unauthorized access, processing, loss, or destructio.
Data Breach Notification Notify the relevant authorities and affected individuals promptly in the event of a data breac.
4. Regulatory Authority
National Commission for the Protection of Personal Data (CNIL) The CNIL oversees the enforcement of data protection laws in Guinea. It is responsible for ensuring compliance, handling complaints, and imposing penalties for violation.
5. Penalties for Non-Compliance
Criminal Penalties Unauthorized processing of sensitive personal data, such as information revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, health status, or sexual orientation, can result in imprisonment from one to seven years and fines ranging from 30,000,000 to 150,000,000 Guinean Franc.
RELATED Blog
0 comments