Support Centre

São Tomé and Príncipe


Law: Law No. 03/2016 on the Protection of Personal Data (only available in Portuguese here) ('the Law')

Regulator: National Data Protection Agency ('ANPDP')

Summary: The Law establishes a relatively comprehensive data protection framework and addresses matters such as data processing notifications, data protection principles, data processor agreements, and essential data subject rights. Although the Law also requires notifications to the ANPDP in relation to data transfers, it does not provide for data breach notifications, nor does it cover data protection officer appointments or impact assessments. In 2018, a series of Resolutions were issued by the ANPDP that generally exempted data processing notifications under certain circumstances, and primarily in relation to employment and employee's data.