DLA Piper Intelligence

Data Protection
Laws of the World

Breach Notification

Not applicable.

Last modified 21 Feb 2022
Law
Democratic Republic of Congo

The protection of personal data is included in the law on telecommunications, information and communication technology N° 20/017 of 25 November 2020 and published in the official journal on 22 September 2021 (the "Law"). The Law entered into force on the date of its approval (25 November 2020). 

The Ministerial Decree which should regulate the more practical details of the law has not yet been issued.

Last modified 21 Feb 2022
Definitions

Definition of Personal Data

Personal data: any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more factors specific to his/her physical, physiological, genetic, mental, cultural, social or economic identity (Article 4, 37).

Definition of Sensitive Personal Data

There is no separate definition of sensitive data, but the Law prohibits the collection of certain data which can be considered as sensitive:

The collection and processing of personal data revealing racial, ethnic or regional origin, parentage, political opinions, religious or philosophical beliefs, trade union membership, sex life, genetic data or, more generally, data relating to the state of health of the person concerned, are prohibited.
Last modified 21 Feb 2022
Authority

ARPTC (Autorité de Régulation de la Poste et des Télécommunications du Congo) or the authority for the regulation of postal and telecommunication services).

Last modified 21 Feb 2022
Registration

Not yet determined.

Last modified 21 Feb 2022
Data Protection Officers

Not applicable.

Last modified 21 Feb 2022
Collection & Processing

The collection and processing of personal data can only be carried out with the prior and explicit consent of the person concerned or on the request of the public prosecutor's office.

Last modified 21 Feb 2022
Transfer

Explicit and prior consent of the person is required.

Last modified 21 Feb 2022
Security

Not applicable.

Last modified 21 Feb 2022
Breach Notification

Not applicable.

Last modified 21 Feb 2022
Enforcement

No known cases as the Law is relatively new. 

Criminal sanctions apply as well as a fine ranging from USD 25,000 to 50,000 for the entity employing a person who breached data protection laws.

Last modified 21 Feb 2022
Electronic Marketing

Not applicable.

Last modified 21 Feb 2022
Online Privacy

Not applicable.

Last modified 21 Feb 2022
Contacts
Sophie Kabano Niwese
Sophie Kabano Niwese
Partner
PKM Africa
T +32 476 080 079
Mark Verelst
Mark Verelst
Senior Legal Expert
PKM Africa
T +32 495 79 05 69
Last modified 21 Feb 2022