DLA Piper Intelligence

Data Protection
Laws of the World

Law

Burundi
Burundi

Burundi does not have a law that specifically regulates personal data protection. However, several laws and regulations currently in force contain data protection provisions or impose confidentiality obligations on specific types of personal information. For example, employment, banking, telecommunications and health sector laws impose some data protection requirements. Such provisions generally require covered entities to maintain the confidentiality of personal information.

  • Under Law n° 1/012 of May 30, 2018 on the Code of Health Care and Health Services Provision in Burundi, healthcare institutions are required to maintain the confidentiality of patient information, unless confidentiality is waived in cases provided for by law.

  • Law No. 1/17 of August 22, 2017 governing banking activities: Article 133 imposes confidentiality obligations on customer and account information. This article provides that any person who contributes to the operation, control or supervision of a banking institution is bound to professional secrecy. Violations are enforced under penal code provisions without prejudice to disciplinary proceedings.

  • Several Ministerial Orders applicable to the telecommunications sector have been adopted to protect the privacy of and restrict access to and interception of the contents of communications (Legislative Decree No. 100/153 of June 17, 2013 on the Regulation of the Control and Taxation System for International Telephone Communications entering Burundi; Decree-Law No. 100/112 of April 5, 2012 on the Reorganization and Operation of the Telecommunications Regulatory and Control Agency 'ARCT'; Ministerial Ordinance No. 730/1056 of November 7, 2007 on the interconnection of telecommunications networks and services opened to the public).
Last modified 28 Jan 2019
Law
Burundi

Burundi does not have a law that specifically regulates personal data protection. However, several laws and regulations currently in force contain data protection provisions or impose confidentiality obligations on specific types of personal information. For example, employment, banking, telecommunications and health sector laws impose some data protection requirements. Such provisions generally require covered entities to maintain the confidentiality of personal information.

  • Under Law n° 1/012 of May 30, 2018 on the Code of Health Care and Health Services Provision in Burundi, healthcare institutions are required to maintain the confidentiality of patient information, unless confidentiality is waived in cases provided for by law.

  • Law No. 1/17 of August 22, 2017 governing banking activities: Article 133 imposes confidentiality obligations on customer and account information. This article provides that any person who contributes to the operation, control or supervision of a banking institution is bound to professional secrecy. Violations are enforced under penal code provisions without prejudice to disciplinary proceedings.

  • Several Ministerial Orders applicable to the telecommunications sector have been adopted to protect the privacy of and restrict access to and interception of the contents of communications (Legislative Decree No. 100/153 of June 17, 2013 on the Regulation of the Control and Taxation System for International Telephone Communications entering Burundi; Decree-Law No. 100/112 of April 5, 2012 on the Reorganization and Operation of the Telecommunications Regulatory and Control Agency 'ARCT'; Ministerial Ordinance No. 730/1056 of November 7, 2007 on the interconnection of telecommunications networks and services opened to the public).
Last modified 28 Jan 2019
Definitions

Definition of personal data

Not specifically defined. 

Definition of sensitive personal data

Not specifically defined.

Last modified 28 Jan 2019
Authority

There is no national data protection authority in Burundi.

Last modified 28 Jan 2019
Registration

There is no requirement to register databases.

Last modified 28 Jan 2019
Data Protection Officers

There is no requirement to appoint a data protection officer.

Last modified 28 Jan 2019
Collection & Processing

Most sector specific laws and regulations that impose confidentiality and data protection requirements apply to covered entities under the law or regulation, and require such entities to maintain the confidentiality of personal information during processing.

Last modified 28 Jan 2019
Transfer

No geographic transfer restrictions apply in Burundi. Certain sector specific provisions require companies to obtain consent prior to third party transfers of personal information. Notably, under Article 16 of Law n ° 1/012 of May 30, 2018 on the Code of Health Care and Health Services Provision in Burundi, "every patient has the right to decide on the use of the medical information concerning him and the conditions under which they may be transmitted to third parties."

Last modified 28 Jan 2019
Security

There are no specific data security requirements in Burundi.

Last modified 28 Jan 2019
Breach Notification

There are no breach notification requirements in Burundi.

Last modified 28 Jan 2019
Enforcement

The relevant sector specific agency or regulator is generally authorized to enforce violations of confidentiality requirements.

Last modified 28 Jan 2019
Electronic Marketing

There are no specific electronic marketing requirements in Burundi.

Last modified 28 Jan 2019
Online Privacy

There are no specific online privacy requirements in Burundi.

Last modified 28 Jan 2019
Contacts
Claver Nigarura
Claver Nigarura
Managing Partner
Rubeya & Co-Advocates
T +257 22 24 89 10
Last modified 28 Jan 2019