Privacy Law at Tanzania
Tanzania's Personal Data Protection Act No. 11 of 2022 (PDPA) establishes a comprehensive legal framework for the collection, processing, and protection of personal data within the country. The Act came into effect on May 1, 2023, and is applicable to both Mainland Tanzania and Zanzibar, except for non-Union matters in Zanzibar
🇹🇿 Key Provisions of the PDPA
1. Establishment of the Personal Data Protection Commission (PDPC)
The PDPC is responsible fo:
Monitoring compliance with theDP.
Registering data controllers and processor.
Investigating complaints related to data protection violation.
Promoting public awareness on data protection issues
2. Registration of Data Controllers and Processors
Entities intending to collect or process personal data mus:
Submit a registration application to the PDP.
Provide necessary documentation, such as identity or incorporation document.
Pay a registration fee based on the number of employee. The registration certificate is valid for five years and can be renewed
3. Rights of Data Subjects
Individuals have the following rights under the PDP:
Right to be informed about data collection and processing purpose.
Right to access personal data held by data controller.
Right to object to processing that may adversely affect the.
Right to rectify inaccurate or incomplete dat.
Right not to be subject to automated decision-making
4. Sensitive Personal Data
The PDPA defines sensitive personal data to includ:
Genetic dat.
Children's data (persons under 18 years.
Criminal records.
Financial transaction.
Biometric informatio. Additionally, data revealing race, ethnicity, political beliefs, religious or philosophical beliefs, trade union membership, gender, health data, or sexual orientation are considered sensitive
5. Cross-Border Data Transfers
The PDPA permits the transfer of personal data outside Tanzania i:
The recipient country has an adequate level of data protectio.
The transfer is necessary for public interest tasks or lawful function.
The data subject's legitimate interests are not prejudiced by the transfer
6. Offenses and Penalties
Violations of the PDPA may result i:
For individuals:
Fines ranging from TZS 100,000 to TZS 20 million (approximately USD 43 to USD 8,600.
Imprisonment for up to 10 years, or both fine and imprisonmen. For organizations:
Fines ranging from TZS 1 million to TZS 5 billion (approximately USD 430 to USD 2.13 million)
🧭 Summary
Tanzania's Personal Data Protection Act No. 11 of 2022 establishes a robust framework for personal data protection, aligning with global standars The Act empowers individuals with rights over their personal data and imposes stringent obligations on data controllers and processos With the Personal Data Protection Commission now operational, compliance with the PDPA is mandatory for all entities handling personal data in Tanzania
RELATED Blog
0 comments