Privacy Law at Somalia
Somalia has established a comprehensive data protection framework with the enactment of the Somalia Data Protection Act (SDPA), Law No. 005 of 2023, and the subsequent formation of the Somalia Data Protection Authority (DPA). These developments signify a significant step towards safeguarding personal data and aligning with international privacy standards.
🇸🇴 Key Features of Somalia's Data Protection Framework
1. Legal Foundation
Somalia Data Protection Act (SDPA), 2023 Enacted on March 23, 2023, this legislation serves as the cornerstone of Somalia's data protection regime. It outlines the rights of individuals, the obligations of data controllers and processors, and the operational scope of the Data Protection Authorit.
Constitutional Basis The SDPA is grounded in Article 13 of the 2012 Constitution of the Federal Republic of Somalia, which guarantees the right to privacy, thereby providing a constitutional mandate for data protectio.
2. Data Protection Authority (DPA)
Establishment The DPA was inaugurated in February 2024 and is responsible for overseeing the implementation of the SDPA. Its duties include issuing guidelines, conducting investigations, handling complaints, and ensuring compliance through enforcement action.
Mandates The DPA is tasked with promoting awareness, providing training, registering data controllers and processors, and establishing regulations specific to data storage and processin.
3. Rights of Data Subjects
The SDPA grants individuals several rights concerning their personal dat:
Right to Access Individuals can inquire whether their data is being processed and obtain a cop.
Right to Rectification Individuals can request corrections to inaccurate or incomplete dat.
Right to Erasure Also known as the "right to be forgotten," allowing individuals to request the deletion of their personal data under certain condition.
Right to Restrict Processing Individuals can request the limitation of data processing activitie.
Right to Data Portability Individuals can request their data in a structured, commonly used format for transfer to another servic.
Right to Object Individuals can object to the processing of their data, particularly for direct marketing purpose.
Rights Related to Automated Decision-Making Individuals can opt out of decisions based solely on automated processing, including profilin.
4. Obligations of Data Controllers and Processors
Registration Entities processing personal data must register with the DPA, providing details such as contact information, data descriptions, purposes, recipients, and international transfer.
Data Protection Officer (DPO) Controllers and processors of major importance are required to appoint a DPO to oversee data protection complianc.
Data Protection Impact Assessment (DPIA) A DPIA is mandatory for processing activities likely to result in high risks to individuals' rights and freedom.
Security Measures Appropriate technical and organizational measures must be implemented to protect personal data from misuse, unauthorized access, or disclosur.
5. Cross-Border Data Transfers
The SDPA permits international data transfers to countries that provide an adequate level of data protection. In the absence of such adequacy, transfers may occur if safeguards like binding corporate rules, contractual clauses, or explicit consent are in plac.
6. Enforcement and Penalties
Non-compliance with the SDPA can result in significant penalties, including fines of up to 2–4% of a company's global annual turnover. The DPA is empowered to conduct audits, issue fines, and take corrective actions to ensure adherence to data protection law.
âś… Summary Table
| Aspect | Details | |--------------------------|--------------------------------------------------------------------------------------------------| | Primary Legislation | Somalia Data Protection Act (Law No. 005 of 2023) | | Regulatory Authority | Somalia Data Protection Authority (DPA) | | Key Rights | Access, Rectification, Erasure, Restriction, Data Portability, Objection, Rights in Automated Decisions | | Data Processing Principles | Lawfulness, Fairness, Transparency, Purpose Limitation, Data Minimization, Accuracy, Storage Limitation, Confidentiality and Security | | Breach Notification | Required to DPA and affected individuals within specified timeframes | | Penalties for Non-Compliance | Fines up to 2–4% of global annual turnover, audits, corrective actions | | International Commitments | Allows cross-border data transfers with adequate safeguards |
RELATED Blog
0 comments