DLA Piper Intelligence

Data Protection
Laws of the World

Law

Democratic Republic of Congo
Democratic Republic of Congo

The protection of personal data is included in the law on telecommunications, information and communication technology N° 20/017 of 25 November 2020 and published in the official journal on 22 September 2021 (the "Law"). The Law entered into force on the date of its approval (25 November 2020). 

The Ministerial Decree which should regulate the more practical details of the law has not yet been issued.

In the meantime, the council of Ministers adopted on 2 December 2022 a bill authorizing the ratification of the African Union Convention on Cybersecurity and the Protection of Personal Data adopted in Malabo, Equatorial Guinea on 27 June 2014. 

In addition, a bill on the establishment of a Digital Code was adopted by the Council of Ministers on 14 October 2022. No draft is publicly available yet.

Last modified 12 Jan 2023
Law
Democratic Republic of Congo

The protection of personal data is included in the law on telecommunications, information and communication technology N° 20/017 of 25 November 2020 and published in the official journal on 22 September 2021 (the "Law"). The Law entered into force on the date of its approval (25 November 2020). 

The Ministerial Decree which should regulate the more practical details of the law has not yet been issued.

In the meantime, the council of Ministers adopted on 2 December 2022 a bill authorizing the ratification of the African Union Convention on Cybersecurity and the Protection of Personal Data adopted in Malabo, Equatorial Guinea on 27 June 2014. 

In addition, a bill on the establishment of a Digital Code was adopted by the Council of Ministers on 14 October 2022. No draft is publicly available yet.

Last modified 12 Jan 2023
Definitions

Definition of Personal Data

Personal data: any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more factors specific to his/her physical, physiological, genetic, mental, cultural, social or economic identity (Article 4, 37).

Definition of Sensitive Personal Data

There is no separate definition of sensitive data, but the Law prohibits the collection of certain data which can be considered as sensitive:

The collection and processing of personal data revealing racial, ethnic or regional origin, parentage, political opinions, religious or philosophical beliefs, trade union membership, sex life, genetic data or, more generally, data relating to the state of health of the person concerned, are prohibited.
Last modified 12 Jan 2023
Authority

ARPTC (Autorité de Régulation de la Poste et des Télécommunications du Congo) or the authority for the regulation of postal and telecommunication services).

Last modified 12 Jan 2023
Registration

Not yet determined.

Last modified 12 Jan 2023
Data Protection Officers

Not applicable.

Last modified 12 Jan 2023
Collection & Processing

The collection and processing of personal data can only be carried out with the prior and explicit consent of the person concerned or on the request of the public prosecutor's office.

Last modified 12 Jan 2023
Transfer

Explicit and prior consent of the person is required.

Last modified 12 Jan 2023
Security

Not applicable.

Last modified 12 Jan 2023
Breach Notification

Not applicable.

Last modified 12 Jan 2023
Enforcement

No known cases as the Law is relatively new. 

Criminal sanctions apply as well as a fine ranging from USD 25,000 to 50,000 for the entity employing a person who breached data protection laws.

Last modified 12 Jan 2023
Electronic Marketing

Not applicable.

Last modified 12 Jan 2023
Online Privacy

Not applicable.

Last modified 12 Jan 2023
Contacts
Sophie Kabano Niwese
Sophie Kabano Niwese
Partner
PKM Africa
T +32 476 080 079
Mark Verelst
Mark Verelst
Senior Legal Expert
PKM Africa
T +32 495 79 05 69
Last modified 12 Jan 2023