Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Somalia: Data Protection Bill signed into law and enters into effect

On March 21, 2023, the President of the Federal Republic of Somalia, Hassan Sheikh Mohamud, announced, via X (formerly Twitter), that he had signed Law No. 005 of 2023 Data Protection Act (the Act) into law and, on March 23, 2023, it entered into effect. At this time, the Somali Data Protection Authority was also established.

What is the scope of the Act?

The Act applies only to a data controller where:

  • the data controller is domiciled, resident, or operating in the Federal Republic of Somalia;
  • the processing occurs within the Federal Republic of Somalia; or
  • the processing relates to the monitoring of the behavior of, or targeted offering of goods or services to, a data subject in the Federal Republic of Somalia.

What are the data subject rights provided in the Act? 

The Act provides data subject rights including:

  • the right to be informed of the processing of data;
  • the right to complain or send a request to the data controller;
  • the right to obtain information about their data from the data controller free of charge;
  • the right to know the details of the data controller;
  • the right to withdraw consent;
  • the right to access their personal data;
  • the right to data portability;
  • the right to data rectification;
  • the right to restrict or object to the processing of their data;
  • the right to be informed where their data is being processed for additional purposes;
  • the right to be informed about the transfer of their data to another country;
  • the right to complain to the relevant authority; and
  • the right to data deletion.

What are the features of the Act?

The Act establishes data controller obligations such as breach notification, the conducting of Data Protection Impact Assessments, vendor management, and restrictions on cross-border transfers. With regard to enforcement, the authority was established by the Federal Government of Somalia to supervise the protection of personal privacy and monitor compliance by organizations with the Act. Article 37 of the Act empowers the Authority to impose a penalty of up to $1 million or its equivalent in Somali currency on a data controller contravening the provisions of the Act.

You can read the announcement, only available in Somali, here, and the Act here.