Law on Cybersecurity and Personal Data protection in the Republic of Guinea provides that the processing of personal data is subject to a prior declaration or request for authorisation of the competent authority designated by regulation. 

The declaration or request for authorisation may be sent to the authority in charge of personal data protection by post, in person at the premises of the said authority or by any other means against the delivery of an acknowledgment of receipt in due form. 

The authority in charge of personal data protection has a period of two months to decide on any declaration or request submitted or addressed to it. This period may be extended by two additional months provided that the personal data protection authority can justify its decision or the extension. 

The declaration or request for authorisation must include the commitment that the protection meets the requirements of the law on Cybersecurity and Protection of Personal Data and any other regulations or laws in the Republic of Guinea relating to personal data protection.  

At the end of this declaration, the competent authority issues a receipt and, if necessary, by electronic means. 

The applicant may then implement the processing operation upon receipt of the receipt. However, the applicant is not relieved of any responsibility. 

Processing operations carried out by the same organisation and having identical or related purposes may be subject to a single declaration. The information required under the declaration shall be provided for each of the processing operations only insofar as it is specific to said declaration. 

Law on Cybersecurity and Personal Data Protection also provides that the modalities for filing declarations or request for authorisation for the processing of personal data shall be determined by presidential decree. This decree has not yet been implemented.