Law: The Personal Data Protection Act 2022, Act No. 11 of 2022 ('PDPA')
Regulator: The Personal Data Protection Commission ('PDPC').
Summary: The PDPA was passed into law on 27 November 2022, and contains detailed provisions imposing obligations on data controllers and data processors, including requirements associated with data security and international data transfers, and establishes the PDPC. The PDPA entered into force on 1 May 2023, by means of Government Notice No. 326 of 2023 (only available in Kiswahili here), which was published on 28 April 2023. Subsequently, on 12 May 2023, the Data Protection (Collection and Processing of Personal Data) Regulations, 2023 (only available in Kiswahili here) and the Data Protection (Complaints Handling Procedure) Regulations, 2023 (only available in Kiswahili here), were published by the Ministry of Information, Communication, and Information Technology.
Moreover, provisions regarding data protection can be found in various other pieces of legislation such as the Constitution of the United Republic of Tanzania (only available in Swahili here). In addition, the Cybercrimes Act, 2015 provides for offences related to violations of privacy against or using a computer system located in Tanzania. There are also notable requirements in the financial sector through the Bank of Tanzania (Credit Reference Bureau) Regulations, 2012. Furthermore, the Electronic and Postal Communications Act, 2010 ('EPOCA') governs electronic, telecommunications and postal communications in Tanzania and is enforced by the Tanzania Communications and Regulatory Authority ('TCRA').