EMEA Data Protection Authorities (DPAs)

INTRODUCTION

Data Protection Authorities (DPAs) involves understanding the entities responsible for safeguarding individuals' privacy and enforcing data protection laws within a given jurisdiction. DPAs play a crucial role in overseeing compliance with regulations, addressing privacy concerns, and ensuring the responsible handling of personal data by organizations.

Data Protection Authorities (DPAs) for EMEA:

  • Europe
  • Middle East
  • Africa

Europe

Albania: 

  • Authority: Information and Data Protection Commissioner
  • The Right to Information and Data Protection Commissioner (the "Commissioner") is the Albanian independent authority in charge of supervising and monitoring the protection of personal data and the right to information by respecting and guaranteeing the fundamental human rights and freedoms in compliance with the legal framework.
  • Official Website: IDP


Andorra:

  • Authority: Andorran Data Protection Agency
  • the Andorran independent control authority, responsible for ensuring the privacy and data protection of citizens. The aim of this space is, on the one hand, to encourage people to know their rights and the possibilities that the Agency offers them to exercise them and, on the other hand, that the obliged subjects have at their disposal an agile instrument that makes it easier for them to comply with the regulations.
  • Official Website: APDA


Armenia: 

  • Authority: Personal Data Protection Agency
  • Decision of 10.02.2022 on revising the list of states providing a sufficient level of personal data protection. Advisory decision on the publication of children's personal data. Advisory decision on the use of telephone numbers for advertising purposes. Decision on setting serial numbers of decisions (administrative cases) of the Personal Data Protection Agency of the Ministry of Internal Affairs of RA.
  • Official Website: PDPA


Austria: 

  • Authority: Austrian Data Protection Authority
  • The Austrian Data Protection Authority (Datenschutzbehörde or DSB) is the independent supervisory authority responsible for ensuring compliance with data protection laws in Austria. It was established in accordance with the General Data Protection Regulation (GDPR), which is the primary law governing data protection and privacy in the European Union (EU).
  • Official Website: APDA


Azerbaijan:

  • No specific DPA. The Ministry of Transport, Communications and High Technologies deals with some aspects of data protection.
  • Official Website: No Website


Belarus:

  • No specific DPA. The Ministry of Communications and Informatization may handle issues related to data protection.
  • Official Website: No Website


Belgium:

  • Authority: Data Protection Authority
  • The Data Protection Authority (GBA) is an independent body that ensures that the basic principles of the protection of personal data are correctly observed. The Data Protection Authority was established by the Belgian Federal Chamber of Representatives by the Act of 3 December 2017 establishing the Data Protection Authority and is the successor to the former Privacy Commission.
  • Official Website: GBA


Bosnia and Herzegovina:

  • Authority: Personal Data Protection Agency
  • In Bosnia and Herzegovina, the authority responsible for data protection is the Agency for Personal Data Protection (Agencija za zaštitu ličnih podataka), commonly referred to as the Data Protection Agency.
  • Official Website: AZLP


Bulgaria:

  • Authority: Commission for Personal Data Protection
  • The Commission for Personal Data Protection is an independent state authority responsible for overseeing and enforcing data protection laws in Bulgaria. It ensures compliance with the Bulgarian Personal Data Protection Act (PDPA) and other relevant regulations concerning the processing of personal data.
  • Official Website: CPDP


Croatia:

  • Authority: Croatian Personal Data Protection Agency
  • The Croatian Personal Data Protection Agency is an independent regulatory body responsible for overseeing and enforcing data protection laws in Croatia. Its primary role is to ensure compliance with the General Data Protection Regulation (GDPR) and the Croatian Personal Data Protection Act. Official Website: AZOP


Cyprus:

  • Authority: Commissioner for Personal Data Protection
  • The Commissioner for personal data protection is an independent public authority responsible for monitoring the implementation of Regulation (EU) 2016/679 (GDPR) and other laws aiming at the protection of individuals with regards to the processing of their personal data.
  • Official Website: CPDP


Czech Republic:

  • Authority: The Office for Personal Data Protection
  • The Office for Personal Data Protection has the authority to investigate complaints related to violations of data protection laws, including unauthorized data processing, data breaches, and non-compliance with GDPR requirements. It can conduct inspections, audits, and issue warnings, corrective measures, and administrative fines for infringements.
  • Official Website: UOOU


Denmark:

  • Authority: Danish Data Protection Agency
  • The Data Protection Agency is the national independent supervisory authority in Denmark with responsibility for upholding the fundamental right of data protection. The DPA’s statutory powers, functions and duties derive from the Data Protection Act, General Data Protection Regulation, Law Enforcement Directive, The Danish Law Enforcement Act as well as the Danish TV Surveillance Act.
  • Official Website: DDPA


Estonia:

  • Authority: Estonian Data Protection Inspectorate
  • The Estonian Data Protection Inspectorate collaborates with other data protection authorities within the European Union (EU) and internationally to ensure consistent application and enforcement of data protection laws. This cooperation is essential for addressing cross-border data protection issues and ensuring the protection of individuals' personal data.
  • Official Website: EDPI


Finland:

  • Authority: Office of the Data Protection Ombudsman
  • The Data Protection Ombudsman is a national supervisory authority which supervises the compliance with data protection legislation. With Data Protection Ombudsman and two Deputy Data Protection Ombudsmen there works approximately 55 specialists in the office.
  • Official Website: Office of the Data Protection Ombudsman


France:

  • Authority: National Commission on Informatics and Liberty (CNIL)
  • The National Commission on Informatics and Liberty (Commission Nationale de l'Informatique et des Libertés), commonly known as CNIL, is the independent administrative authority in France responsible for ensuring compliance with data protection laws and safeguarding privacy rights.
  • Official Website: CNIL


Georgia:

  • Authority: Personal Data Protection Service
  • The Personal Data Protection Service operates in accordance with the Georgian Law on Personal Data Protection and other relevant regulations. It ensures that organizations and individuals comply with national data protection laws to protect individuals' privacy rights and promote responsible data processing practices.
  • Official Website: PDPS


Germany:

  • Authority: Federal Commissioner for Data Protection and Freedom of Information
  • The data protection supervisory authorities in Germany, Europe and the world cooperate closely. By agreeing on common positions, they take a stand in debates and create the practical basis for a good implementation of the law in companies and authorities. The BfDI is involved in all committees and their working groups.
  • Official Website: BFDI

Greece:

  • Authority: Hellenic Data Protection Authority
  • The Hellenic Data Protection Authority is the national Data Protection Authority for Greece. It resides in Athens and is in charge of enforcing GDPR in Greece, the Greek Data Protection Act 2019, the ePrivacy Directive implementation law and other provisions regarding the protection of personal data.
  • Official Website: HDPA


Hungary:

  • Authority: National Authority for Data Protection and Freedom of Information
  • The National Authority for Data Protection and Freedom of Information (NAIH) is responsible for monitoring and promoting the enforcement of two fundamental rights: the right to the protection of personal data and the right to freedom of information (access to data of public interest and data accessible on public interest grounds), as well as for the promotion of the free movement of personal data within the European Union.
  • Official Website: NAIH


Iceland:

  • Authority: Icelandic Data Protection Authority
  • The purpose of the Act is to promote the practice of personal data being processed in conformity with the fundamental principles of data protection and the right to privacy, and to ensure the accuracy and quality of personal data and the free movement of personal data within the EEA.
  • Official Website: IDPA


Ireland:

  • Authority: Data Protection Commission
  • The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected. The DPC is the Irish supervisory authority for the General Data Protection Regulation (GDPR), and also has functions and powers related to other important regulatory frameworks including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive.
  • Official Website: DPC


Italy:

  • Authority: Italian Data Protection Authority
  • The Italian Data Protection Authority (Garante per la protezione dei dati personali) is an independent administrative authority established by the so-called privacy law (Law No. 675 of 31 December 1996) and regulated subsequently by the Personal Data Protection Code (Legislative Decree No. 196 of 30 June 2003)
  • Official Website: GPDP


Kazakhstan:

  • No specific DPA. The Committee on Legal Statistics and Special Records of the General Prosecutor's Office oversees some aspects of data protection.
  • Official Website: No Website


Latvia:

  • Authority: Data State Inspectorate
  • The Data State Inspectorate is a direct administrative institution under the supervision of the Cabinet of Ministers in accordance with Section 3 of the Law on the processing of personal data and is a supervisory authority for the processing of personal data within the meaning of the General Data Protection Regulation. The Authority carries out the tasks laid down in the General Data Protection Regulation and other laws and regulations in the field of the processing of personal data.
  • Official Website: DVI


Liechtenstein:

  • Authority: Data Protection Office
  • The DSS is responsible for ensuring compliance with data protection laws and regulations within Liechtenstein. Its primary role is to protect the privacy and personal data of individuals in accordance with national legislation and the European Union's General Data Protection Regulation (GDPR), as Liechtenstein is a member of the European Economic Area (EEA).
  • Official Website: DSS


Lithuania:

  • Authority: State Data Protection
  • The SDPI is tasked with regulating and enforcing data protection laws in Lithuania. It ensures that organizations processing personal data adhere to the principles and requirements outlined in the GDPR and other relevant legislation.
  • Official Website: SDPI


Luxembourg:

  • Authority: National Commission for Data Protection
  • The National Commission for Data Protection (CNPD) is an independent public institution with legal personality. It enjoys financial and administrative autonomy. It is responsible for verifying the legality of the files and all collection, use and transmission of information concerning identifiable individuals and must ensure in this context respect for the fundamental rights and freedoms of natural persons, in particular their privacy.
  • Official Website: CNPD


Malta:

  • Authority: Office of the Information and Data Protection Commissioner
  • The Office of the Information and Data Protection Commissioner is the national supervisory authority responsible for monitoring and enforcing the provisions of the GDPR and the Data Protection Act.
  • This Office is also responsible to enforce the provisions of the Freedom of Information Act and ensure that public authorities observe the requirements thereof.
  • Official Website: IDPC


Moldova:

  • Authority: National Center for Personal Data Protection
  • The NCPDP is responsible for regulating and enforcing data protection laws in Moldova. It ensures compliance with the national legislation on personal data protection, which includes the Law on Personal Data Protection and other relevant regulations.
  • Official Website: NCPDP


Montenegro:

  • Authority: Agency for Personal Data Protection and Free Access to Information
  • The agency works to promote a culture of data protection awareness and compliance within Montenegro. It engages in public outreach activities, campaigns, and initiatives to raise awareness of data protection rights and responsibilities among businesses, public authorities, and individuals.
  • Official Website: PDPL


Netherlands:

  • Authority: Dutch Data Protection Authority
  • The Data Protection Officer (DPO) is a relatively new position in the Netherlands. A DPO supervises the application of and compliance with privacy legislation within an organisation. There are now about 10,000 DPOs in the Netherlands. They have an independent function. For some organisations, it is mandatory to appoint a DPO and register him or her with the Dutch Data Protection Authority (DPA).
  • Official Website: DPA


North Macedonia:

  • Authority: Directorate for Personal Data Protection
  • The Directorate upholds the rights of individuals regarding their personal data. This includes the right to access, rectify, erase, and restrict the processing of their personal information. The Directorate also handles complaints and inquiries from data subjects related to the processing of their data.
  • Official Website: PDPA


Norway:

  • Authority: Norwegian Data Protection Authority
  • The Norwegian Data Protection Authority is an agency of the Norwegian Government responsible for managing the Personal Data Act 2000, concerning privacy concerns. This Act replaced the Data Register Act 1978.
  • Official Website: DPA


Poland:

  • Authority: Personal Data Protection Office
  • UODO works to promote a culture of data protection awareness and compliance in Poland. It engages in public outreach activities, campaigns, and initiatives to raise awareness of data protection rights and responsibilities among businesses, public authorities, and individuals.
  • Official Website: UODO


Portugal:

  • Authority: National Data Protection Commission
  • The National Data Protection Commission (CNPD) is an independent administrative entity, with legal personality under public law and with authoritative powers, endowed with administrative and financial autonomy, which works alongside the Assembly of the Republic.
  • Official Website: CNPD


Romania:

  • Authority: National Supervisory Authority for Personal Data Processing
  • The National Supervisory Authority for the Processing of Personal Data, as an autonomous central public authority with general competence in the field of personal data protection, represents the guarantor of respecting the fundamental rights to private life and to the protection of personal data, stipulated especially by Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, by Article 16 of the Treaty on the Functioning of the European Union and Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms.
  • Official Website: NSAPDP


Serbia:

  • Authority: Commissioner for Information of Public Importance and Personal Data Protection
  • The Commissioner for Information of Public Importance and Personal Data Protection is an autonomous public authority, who exercises his/her powers independently and whose competences are set by Article 44 of the Law on Personal Data Protection. For the purpose of exercising the duties within his/hers sphere of competence.
  • Official Website: PDP


Slovakia:

  • Authority: Office for Personal Data Protection of the Slovak Republic
  • The Office is a state administration body with nationwide competence, which participates in the protection of fundamental rights of natural persons in the processing of personal data and which supervises the protection of personal data, including supervision of the protection of personal data processed by competent authorities in the performance of tasks for the purposes of criminal proceedings.
  • Official Website: UOOU


Slovenia:

  • Authority: Information Commissioner
  • In Slovenia, the authority responsible for overseeing data protection and privacy issues, as well as access to public information, is known as the Information Commissioner (Slovene: Informacijski pooblaščenec).
  • Official Website: DPA


Spain:

  • Authority: Spanish Data Protection Agency
  • The independent public authority in charge of ensuring the privacy and data protection of citizens. The aim of this space is, on the one hand, to encourage people to know their rights and the possibilities that the Agency offers them to exercise them and, on the other hand, that obliged subjects have at their disposal an agile instrument that facilitates compliance with the regulations.
  • Official Website: AEPD


Sweden:

  • Authority: Swedish Data Protection Authority
  • The authority upholds the rights of individuals regarding their personal data. This includes the right to access, rectify, erase, and restrict the processing of their personal information. Individuals can file complaints with the Swedish Data Protection Authority if they believe their data protection rights have been violated.
  • Official Website: SDPA


Switzerland:

  • Authority: Federal Data Protection and Information Commissioner
  • The FDPIC is responsible for regulating and enforcing data protection laws in Switzerland. This includes ensuring compliance with the Federal Act on Data Protection (FADP) and other relevant legislation related to the processing of personal data.
  • Official Website: DPA


United Kingdom:

  • Authority: Information Commissioner's Office
  • In cases of serious data protection violations, the ICO has the authority to initiate legal proceedings against offending organizations. This may involve imposing fines, issuing enforcement notices, or taking other enforcement action to address non-compliance.
  • Official Website: ICO


Middle East

Bahrain:

  • Authority: Personal Data Protection Authority
  • The Law aims to protect the rights and freedoms of individuals and their personal data, by establishing a legal framework that defines the methods and means of processing data in a way that gives individuals confidence in all matters concerning their data handled by companies and organizations, and to be managed in an accurate, up-to-date and secure manner. 
  • Official Website: PDP


Egypt:

  • Authority: Data Protection Authority
  • the Data Protection Centre ('DPC') is empowered to oversee and enforce the Data Protection Law including, inter alia, issuance of required licenses and authorization and certification in accordance with the Data Protection Law. Please note, however, that the DPC is not yet operational.
  • Official Website: DPC


Iran:

  • Authority: The Supreme Council of Information
  • Notification is not necessary if the breach couldn't result in identity deception, identity theft, or fraud affecting an Indiana resident.
  • Official Website: The Supreme Council of Information


Iraq:

  • Authority: 
  • Not specifically designated as of April 2023
  • Official Website: No Website


Israel:

  • Authority: Data Protection Authority The Privacy Protection Authority
  • The Privacy Protection Authority is the Israeli regulatory and enforcing authority for personal digital information, in accordance with the Privacy Protection Law. The authority is responsible for the protection of all personal information held in digital databases.
  • Official Website: PPA


Jordan:

  • Authority: Ministry of Digital Economy and Entrepreneurship
  • Jordan is considered one of the leading countries in the MENA region to regulate personal information protection rules, as of September 17, 2023, the Jordanian Data Protection Law (the Law) is published in the Official Gazette, and according to the Law, it shall be effective after six months of being published.
  • Official Website: Ministry of Digital Economy and Entrepreneurship


Kuwait:

  • Authority: Communication and Information Technology Regulatory Authority (CITRA)
  • The Data Protection Regulation applies to all service providers irrespective of whether the data processing is undertaken inside or outside Kuwait, which requires that service providers inform users about how their data is collected, processed, and stored.
  • Official Website: CITRA


Lebanon:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Oman:

  • Authority: Information Technology Authority (ITA)
  • the ITA may not have direct responsibility for data protection and privacy regulation, it could still play a role in promoting best practices in data security and privacy within the ICT sector. Additionally, it may collaborate with other governmental bodies or agencies that have a more direct focus on data protection and privacy matters.
  • Official Website: ITA


Palestine:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Qatar:

  • Authority: Data Protection Authority Ministry of Transport and Communications
  • In Qatar, the NCGAA is responsible for the enforcement of the Data Protection Law. Any data subject may submit a complaint to the NCGAA in the case of a violation of the Data Protection Law.
  • Official Website: DPA


Saudi Arabia:

  • Authority: Data Protection Authority Saudi Data and Artificial Intelligence Authority (SDAIA)
  • The SDAIA has a significant role in data protection and privacy regulation through the implementation and enforcement of relevant laws and regulations. One of the key laws in this regard is the Personal Data Protection Law, which was approved in Saudi Arabia in 2019 and came into effect in March 2022.
  • Official Website: SDAIA


Syria:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Turkey:

  • Authority: Data Protection Authority Turkish Personal Data Protection Authority
  • The Turkish Data Protection Authority is a government organization in Turkey which provides the protection of personal data and works to develop awareness in this respect in the public eye in line with the fundamental rights related with privacy and freedom.
  • Official Website: DPAT


United Arab Emirates:

  • Authority: Data Protection Authority Various authorities per emirate; Dubai International Financial Centre (DIFC) Data Protection Commissioner
  • The DIFC Commissioner of Data Protection is responsible for supervision and enforcement of the Data Protection Law, DIFC Law No. 5 of 2020. The law prescribes rules and obligations regarding the collection, handling, and use of personal data as well as rights and remedies for individuals who may be impacted by such processing. It is designed to balance the legitimate needs of businesses and organizations to process personal information with upholding an individual’s right to privacy. 
  • Official Website: DIFC


Abu Dhabi:

  • Authority: The Abu Dhabi Global Market (ADGM) Office of Data Protection
  • The Office of Data Protection is responsible for promoting data protection within ADGM, maintaining the register of Data Controllers, enforcing the obligations upon Data Controllers and upholding the rights of individuals. It provides a range of information, guidance and tools not only to entities operating within ADGM, but also to individuals and the general public.
  • Official Website: ADGM


Dubai:

  • Authority: Dubai International Financial Centre (DIFC): Data Protection Commissioner. The DIFC Data Protection Commissioner oversees the data protection law within the DIFC, which is a financial free zone in Dubai.
  • Dubai Healthcare City (DHCC): Dubai Healthcare City Authority Regulatory (DHCR). While not exclusively a data protection authority, DHCR oversees compliance with healthcare regulations, including patient data privacy, within the Dubai Healthcare City free zone.
  • The DIFC Commissioner of Data Protection is responsible for supervision and enforcement of the Data Protection Law, DIFC Law No. 5 of 2020. The law prescribes rules and obligations regarding the collection, handling, and use of personal data as well as rights and remedies for individuals who may be impacted by such processing. It is designed to balance the legitimate needs of businesses and organizations to process personal information with upholding an individual’s right to privacy.
  • Official Website: DIFC


Sharjah:

  • Authority: Personal Data Protection Law
  • Official Website: No Website


Ajman:

  • Authority: Personal Data Protection Law
  • Official Website: No Website


Umm Al Quwain:

  • Authority: Personal Data Protection Law
  • Official Website: No Website


Ras Al Khaimah:

  • Authority: Personal Data Protection Law
  • Official Website: No Website


Fujairah:

  • Authority: Personal Data Protection Law
  • Official Website: No Website


Yemen:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Africa

Algeria:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Angola:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Benin:

  • Authority: 
  • Not specifically designated as of April 2023
  • Official Website: No Website


Botswana:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Burkina Faso:

  • Authority: Commission de l'Informatique et des Libertés (CIL)
  • It oversees privacy matters, promotes awareness, and ensures compliance with privacy legislation within the province.
  • Official Website: CIL


Burundi:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Cabo Verde:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Cameroon:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Central African Republic:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Chad:

  • Authority: Agence Nationale de Sécurité Informatique et de Certification Electronique (ANSICE)
  • Official Website: No Website


Comoros:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Congo (Democratic Republic):

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Djibouti:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Egypt:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Eritrea:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Eswatini (Swaziland):

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Ethiopia:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Gabon:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Gambia:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Ghana:

  • Authority: DPA Data Protection Commission
  • The Commission provides for the process to obtain, hold, use or disclose personal information and for other related issues bordering on the protection of personal data. The Commission is given several powers under the Act including the power to acquire property under the State Property and Contracts Act, 1960 (C.A.6) or the State Lands Act, 1962 (Act 125).
  • Official Website: DPA


Guinea:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Guinea-Bissau:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Ivory Coast (Côte d'Ivoire):

  • Authority: Autorité de Protection des Données Personnelles (APDP)
  • The Autorité de Protection des Données Personnelles (APDP), also known as the Data Protection Authority in English, is responsible for overseeing data protection and privacy matters in Ivory Coast (Côte d'Ivoire). The APDP's role involves regulating the processing of personal data, ensuring compliance with data protection laws, and protecting individuals' privacy rights in the country.
  • Official Website: APDP


Kenya:

  • Authority: Office of the Data Protection Commissioner
    Kenya has established the Office of the Data Protection Commissioner (ODPC) as the regulatory authority responsible for overseeing data protection matters in the country. The ODPC plays a crucial role in enforcing data protection laws, promoting compliance with data protection regulations, and protecting individuals' privacy rights.
  • Official Website: ODPC


Lesotho:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Liberia:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Libya:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Madagascar:

  • Authority: Francophone Association of Personal Data Protection Authorities ('AFAPDP')
  • the Francophone Association of Personal Data Protection Authorities (AFAPDP) is an organization that promotes collaboration and cooperation among French-speaking countries in the field of data protection. While AFAPDP facilitates dialogue and exchange of information among its member authorities, it does not serve as a data protection authority in any specific country, including Madagascar.
  • Official Website: AFAPDP


Malawi:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Mali:

  • Authority: Autorité de Protection des Données à Caractère Personnel (APDP)
  • The APDP upholds the rights of individuals concerning their personal data. This includes the right to access, rectify, erase, and restrict the processing of their personal information. Individuals can file complaints with the APDP if they believe their data protection rights have been violated.
  • Official Website: APDP


Mauritania:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Mauritius:

  • Authority: Data Protection Office
  • Official Website: No Website


Morocco:

  • Authority: Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP)
    The Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP), also known as the National Commission for the Control of Personal Data Protection, serves as the regulatory authority responsible for overseeing data protection matters in Morocco.
  • Official Website: CNDP 


Mozambique:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Namibia:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Niger:

  • Authority: Commission Nationale de Protection des Données à Caractère Personnel (CNPDP)
  • In cases of serious data protection violations, the CNPDP has the authority to initiate legal proceedings against offending organizations. This may involve imposing fines, issuing warnings, or taking other enforcement measures to address non-compliance.
  • Official Website: No Website


Nigeria:

  • Authority: National Information Technology Development Agency (NITDA)
  • The Honduran National Constitution safeguards habeas data, granting individuals the right to access records affecting personal honor and family privacy, with a key goal of data protection being the security and safeguarding of public information.
  • Official Website: NITDA


São Tomé and Príncipe:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Rwanda:

  • Authority: Data Protection and Privacy Office
  • wanda has established the Data Protection and Privacy Office (DPPO) as the regulatory authority responsible for overseeing data protection matters in the country. The DPPO plays a crucial role in enforcing data protection laws, promoting compliance with data protection regulations, and protecting individuals' privacy rights.
  • Official Website: DPPO 


Senegal:

  • Authority: Superintendencia de Competencia (SC)
  • The CDP supervises the processing of personal data by data controllers and processors in Senegal. It conducts audits, inspections, and investigations to assess compliance with data protection laws and may impose sanctions for non-compliance.
  • Official Website: CDP


Seychelles:

  • Authority: Data Protection Commissioner
  • Official Website: No Website


Sierra Leone:

  • Authority:
  • Not specifically designated as of April 2023
  • Official Website: No Website


Somalia:

  • Authority: 
  • Not specifically designated as of April 2023
  • Official Website: No Website


South Africa:

  • Authority: Information Regulator
  • The National Authority for Transparency and Access to Information (ANTAI) of Panama is the governing authority for compliance with the Transparency Law. ANTAI also supervises conventions, agreements, commitments, provisions, treaties, programs and any other national and international issue regarding prevention against corruption.
  • Official Website: IR


South Sudan:

  • Authority: 
  • Not specifically designated as of April 2023
  • Official Website: No Website


Tanzania:

  • Authority: 
  • Not specifically designated as of April 2023
  • Official Website: No Website


Togo:

  • Authority: Commission Nationale de l'Informatique et des Libertés (CNIL)
  • Togo has established the Commission Nationale de l'Informatique et des Libertés (CNIL), which translates to the National Commission for Information Technology and Civil Liberties. The CNIL serves as the regulatory authority responsible for overseeing data protection matters in the country.
  • Official Website: CNIL


Tunisia:

  • Authority: Instance Nationale de Protection des Données Personnelles (INPDP)
  • Tunisia has established the Instance Nationale de Protection des Données Personnelles (INPDP), which translates to the National Instance for the Protection of Personal Data. The INPDP serves as the regulatory authority responsible for overseeing data protection matters in the country. The INPDP plays a crucial role in enforcing data protection laws, promoting compliance with data protection regulations, and protecting individuals' privacy rights.
  • Official Website: INPDP


Uganda:

  • Authority: National Information Technology Authority – Uganda (NITA-U)
  • The Personal Data Protection Office is Uganda’s independent data protection office. It is established as an independent office under the National Information Technology Authority, Uganda (NITA-U) and is responsible for overseeing the implementation of and enforcement of the Data Protection and Privacy Act No. 9 of 2019. The Office is headed by a National Personal Data Protection Director.
  • Official Website: NITA-U


Zambia:

  • Authority: 
  • Not specifically designated as of April 2023
  • Official Website: No Website


Zimbabwe:

  • Authority: 
  • Not specifically designated as of April 2023
  • Official Website: No Website