DLA Piper Intelligence

Data Protection
Laws of the World

Key Contacts

Yves Brosens
Yves Brosens
Partner
T +32 472 582 000
Pierre Vanholsbeke
Pierre Vanholsbeke
Junior Partner
T + 32 472 79 54 24

Data Privacy Tool

You may also be interested in our Data Privacy Scorebox to assess your organization's level of data protection maturity.

Law
Republic of Congo

The protection of personal data is governed by the law on the protection of data with a personal character N° 29 - 2019 of 10 October 2019 and was published in the official journal on 7 November 2019 (the "Law"). The Law entered into force on the date of its approval (25 November 2020).

Beside the Law, there are several sectoral laws or decrees that contain data protection aspects (on cybersecurity, mobile telecommunications, etc.)

Last modified 23 Feb 2024
Definitions

Definition of Personal Data

Any information relating to a natural person identified or identifiable directly or indirectly, by reference to an identification number or identifiable on the basis of one or more elements specific to his / her physical, physiological, genetic, psychological, cultural, social or economic identity.

Definition of Sensitive Personal Data

Genetic data, data relating to minors, data relating to offences, criminal convictions or security measures, biometric data and, all personal data revealing ethnic origin, parentage, political opinions, religious or philosophical beliefs, trade union membership, gender, health and sex life.

Last modified 23 Feb 2024
Authority

The Law provides for the creation of a national data protection Commission by a separate law. This Commission plays an important role in the Law and its application. However, we are not aware this Commission has been established.

Last modified 23 Feb 2024
Registration

The Law requires, save for some exceptions, that the processing of personal data must be notified to the Commission. The Commission provides a confirmation of receipt of the notification after which the entity that made the notification can start processing personal data. If some of the data or sensitive personal data and the processing is not prohibited, a prior authorisation is to be obtained from the Commission. The Commission renders a decision within two months after receipt of the request to process certain sensitive personal data.

Last modified 23 Feb 2024
Data Protection Officers

A data protection officer (délégué à la protection des données) needs to be appointed when the data procession is done by:

  • a public entity;
  • the nature of the data processing because of its nature, purpose or nature require a regular and systematic follow-up; or
  • when the data processing is on a large scale for particular data.
Last modified 23 Feb 2024
Collection & Processing

The collection and processing of personal data can only be carried out with the prior and explicit consent of the person concerned. Some exceptions apply when the processing is for valid legal reasons, in the public interest, for the performance of an agreement or to protect the fundamental rights of the person concerned.

Last modified 23 Feb 2024
Transfer

Cross-border transfer of personal data is only allowed if the receiving state offers a similar protection of personal data and the Commission is notified in advance of the intention to transfer data to a third country.

Last modified 23 Feb 2024
Security

The Law provides for a detailed overview of security measures that must be taken by the processor of personal data in order to secure the personal data.

Last modified 23 Feb 2024
Breach Notification

The processor of personal data must in case of a breach of the security inform the Commission without delay and at the latest within 72 hours after it identified the breach.

Mandatory breach notification

It is mandatory to notify every breach to the Commission, however, the 72 hours deadline does not apply in case there is no risk for the rights of the persons concerned. The breach must still be notified, but it must be explained why the breach was notified more than 72 hours after the identification of the breach.

The persons concerned must also informed of the breach if it poses an important risk for its rights.

Last modified 23 Feb 2024
Enforcement

No known cases as far as we know. The Commission is not yet established.

Criminal sanctions apply as well as fines ranging from USD 1,800 to 180,000.

Last modified 23 Feb 2024
Electronic Marketing

Regulated by separate law.

Last modified 23 Feb 2024
Online Privacy

Regulated by separate law.

Last modified 23 Feb 2024
Contacts
Yves Brosens
Yves Brosens
Partner
T +32 472 582 000
Pierre Vanholsbeke
Pierre Vanholsbeke
Junior Partner
T + 32 472 79 54 24
Last modified 23 Feb 2024