Data Protection in Gabon

Data protection officers in Gabon

Under the new law on personal data, the appointment of a DPO is no longer left exclusively to the discretion of the data controller. Indeed, the law establishes specific situations in which a DPO must be appointed, thus limiting the discretionary power of the data controller. These conditions, governed by article 125, are as follows:

  • Where the processing is carried out by a public authority or public body, with the exception of courts acting in the exercise of their judicial function;
  • Where the basic activities of the controller or processor consist of processing operations which, by virtue of their nature, their scope or their purposes, require regular and systematic large-scale monitoring of the data subjects; Where the basic activities of the controller or processor consist of processing operations which, by virtue of their nature, their scope or their purposes, require regular and systematic large-scale monitoring of the data subjects; 
  • Where the basic activities of the controller or processor consist of large-scale processing of sensitive data and data relating to convictions for criminal offences.

In addition, according to article 130 of the aforementioned law on personal data, this position must be held by a person with the qualifications required to carry out his or her duties, namely professional qualities, particularly relating to knowledge of the law and matters relating to data protection.

According to Article 138, the Data Protection Officer is responsible for ensuring that data processing is compliant. His duties cover all processing carried out by the body that appointed him. In this capacity, he is responsible for:

  • informing and advising the data controller or data processor, as well as the people in the organisation who process the data, of their obligations under this law;
  • monitoring compliance with this law and with the internal rules put in place by the data controller or data processor with regard to data protection, including the allocation of responsibilities and the awareness and training of staff involved in data processing and auditing operations;
  • giving an opinion on data protection impact assessments and checking that they have been carried out;
  • to cooperate with the APDPVP, including in the event of prior consultation by the controller when a data protection impact assessment is carried out, and to consult, as appropriate, on any other matter.

Continue reading

  • no results

Previous topic
Back to top