Subscribe to our Newsletter to receive the latest updates on our content. By tapping the “Subscribe” button you will be redirected to subscription page. Subscription is free.
The Minister of Communication and Information Technology recently issued a notice (the Notice) on the commencement of the Personal Data Protection Act of 2022 (the Act). Pursuant to the Notice, the commencement date for the Act is 1 May 2023.
15 May 23
Other Insights:
Highlighted below are some of the important provisions.
- Establishment of the Data Protection Commission
The Commission is responsible for monitoring the compliance of the Act. - Registration of Data Collectors and Processors
Any person who intends to collect or process data in Tanzania is required to be registered by the Commission. - Data Collection, Use, Disclosure, Transfer and Retention
The Act has introduced restrictions on data collection, use, disclosure, transfer, and retention. - Offences and Penalties
The Act has introduced certain offences and their corresponding penalties. The maximum fine for the contravention of the Act is TZS 5 billion (approx. USD 2.125 million) for corporate entities and TZS 20 million (approx. USD 8,500) for natural persons. The maximum jail term is ten (10) years.
The coming into force of the PDPA signifies that the provisions of the Act must now be strictly observed and should there be any non-compliance, the persons or companies involved risk being fined. Going forward, every business will be required to observe the requirements of the laws when transferring data outside the country especially for cross-border businesses and with regard to cross-border transactions, in collecting personal data such as personal details of the employees and customers, and storing such data.
Should you have any questions on this legal alert, please do not hesitate to contact Geofrey Dimoso or Shemane Amin.