The International Bar Association ('IBA') African Regional Forum announced, on 14 July 2021, that it had released the IBA Africa Regional Forum Data Protection/Privacy Guide for Lawyers in Africa, a comprehensive guide on data protection and privacy laws for legal practitioners across Africa. In particular, the IBA outlined that the guide has been developed following data controllers under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') in Europe calling for their counterparts across Africa to implement a similar standard for data processed on their behalf. To this end, the IBA noted that little or no guidance has been given to legal practitioners in Africa regarding compliance with such European law. As such, the guide aims to provide advice as to how to manage personal data within a law firm, as well as easy-to-implement sustainable protocols and controls that adhere to international privacy laws, including data laws already adopted in African nations. 

Among other topics, the guide covers:

• an introduction to data protection in Africa;
• data protection principles, touching upon privacy notices and subject access requests;
• common exemptions;
• individual rights, notably rights to file complaints, rights to legal remedy and compensation, and rights for representation;
• data controller and data processor obligations, including duties regarding transparency and accountability, records of processing activities, cooperation with regulators, security measures, breach notification, the role of the data protection officer, Data Protection Impact Assessments ('DPIA'), and codes of conduct;
• the powers of regulators; and 
• how the GDPR might affect legal firms.

In addition, Appendix One provides an overview of data protection laws in Africa.

You can read the press release here and download the guide here.