Law: Law 29-2019 on the Protection of Personal Data (only available in French here) ('the Law')
Regulator: The Commission (not yet established)
Summary: The Law, the first and primary data protection legislation in Congo, was published in the Official Gazette in November 2019. The Law has several parallels to the EU's General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), such as requiring data controllers and processors to appoint a data protection officer in certain circumstances, and prescribing that data controllers conduct Data Protection Impact Assessments when a type of processing is likely to result in a high risk to people's rights and freedoms. The Law also provides that a Commission responsible for the protection of personal data will be established through legislation in Congo. However, the Commission has not yet been established. Once formed, the Commission will be responsible for supervising compliance with the Law and exercising enforcement powers, including the issuance of fines.