Can you summarize Data Protection Act No. 20/2017 (in English)?

Short Summary

The Data Protection Act No. 20/2017 governs the protection of personal data and the autonomy of data subjects over their data. It applies to controllers and processors of personal data, ensuring compliance with the Act and promoting self-regulation. The Act establishes the Data Protection Office, headed by the Data Protection Commissioner, who has various functions and powers, including investigating complaints and issuing enforcement notices. The Act also requires registration of controllers and processors, sets out obligations on them, and provides for the rights of data subjects. Processing operations likely to present a risk require a data protection impact assessment, and the Act regulates the transfer of personal data outside Mauritius. Non-compliance with the Act may result in penalties such as fines and imprisonment.

Whom does it apply to?

Controllers and processors of personal data

What does it govern?

Data protection and personal autonomy of data subjects over their personal data

What are exemptions?

Exchange of information between Ministries, Government departments, and personal or household activities

What are the Penalties?

Fine not exceeding 50,000 rupees and imprisonment for a term not exceeding 2 years

Jurisdiction

Mauritius

Source

Data Protection Act No. 20/2017 (in English) [https://reggi.cloud.regology.com/regulations/MU-L/MU-L_OS_DP]

• Privacy