Law: Data Protection Act, 2002 ('the Act'). An official version of the Act is not publicly available.

Regulator: Data Protection Commissioner (not yet established)

Summary: The Act would be the key piece of data protection legislation in the Seychelles, however, it is not yet in force despite being enacted in 2003. Once the Act comes into force, it will primarily apply to data subjects, data users, and persons running a computer bureau. Seychelles does not currently have a national data protection regulator, however the Act provides for the establishment of the Data Protection Commissioner, which will be responsible for the maintenance of a registry comprising data users who hold personal data, and ensuring that data principles are being properly observed by data users. The Act will also provide for a data subject right of access, and certain prohibitions against data transfers. There are also several relevant pieces of sector-specific legislation in the Seychelles, particularly governing the financial sector.