Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Already have an account? Log in

Namibia - Data Protection Overview

Back

Namibia - Data Protection Overview

June 2023

1. Governing Texts

Currently, Namibia does not yet have legislation that directly provides for data protection, nor has it established a data protection authority.

Personal data in Namibia is protected indirectly, however, through the right to privacy in the Constitution of the Republic of Namibia ('the Constitution'), as established by Article 13 of the Constitution. Nonetheless, there is no case law yet that can provide further clarity on the position of data protection in Namibia.

The Ministry of Information and Communication Technology of Namibia has been developing a Data Protection Bill ('the Draft Bill') for the last seven years. The Draft Bill seeks to establish a data protection authority and includes ten principles of data protection.

1.1. Key acts, regulations, directives, bills

Article 13 of the Constitution
Section 227(3) of the Labour Act, 1992 (G.N. 156): regulating the health and safety of employees at work and the confidentiality of employee medical data

1.2. Guidelines

Not applicable.

1.3. Case law

Not applicable.

2. Scope of Application

2.1. Personal scope

Not applicable.

2.2. Territorial scope

Not applicable.

2.3. Material scope

Not applicable.

3. Data Protection Authority | Regulatory Authority

3.1. Main regulator for data protection

Not applicable.

3.2. Main powers, duties and responsibilities

Not applicable.

4. Key Definitions

Data controller: Not defined.

Data processor: Not defined.

Personal data: Not defined.

Sensitive data: Not defined.

Health data: Not defined.

Biometric data: Not defined.

Pseudonymisation: Not defined.

5. Legal Bases

5.1. Consent

Not applicable.

5.2. Contract with the data subject

Not applicable.

5.3. Legal obligations

Not applicable.

5.4. Interests of the data subject

Not applicable.

5.5. Public interest

Not applicable.

5.6. Legitimate interests of the data controller

Not applicable.

5.7. Legal bases in other instances

Not applicable.

6. Principles

Not applicable.

7. Controller and Processor Obligations

7.1. Data processing notification

Not applicable.

7.2. Data transfers

Not applicable.

7.3. Data processing records

Not applicable.

7.4. Data protection impact assessment

Not applicable.

7.5. Data protection officer appointment

Not applicable.

7.6. Data breach notification

Not applicable.

7.7. Data retention

Not applicable.

7.8. Children's data

Not applicable.

7.9. Special categories of personal data

Not applicable.

7.10. Controller and processor contracts

Not applicable.

8. Data Subject Rights

8.1. Right to be informed

Not applicable.

8.2. Right to access

Not applicable.

8.3. Right to rectification

Not applicable.

8.4. Right to erasure

Not applicable.

8.5. Right to object/opt-out

Not applicable.

8.6. Right to data portability

Not applicable.

8.7. Right not to be subject to automated decision-making

Not applicable.

8.8. Other rights

Not applicable.

9. Penalties

Not applicable.

9.1 Enforcement decisions

Not applicable.

Privacy Law Concepts Privacy Law Reform

About the authors

Irvin Titus

Koep & Partners

Irvin was admitted as an attorney of the High Court of Namibia in April 2003 and joined Koep & Partners in January 2004. He heads the commercial department at Koep & Partners and advises a range of multinational technology companies on telecommunications laws in Namibia. He has advised multiple fortune 500 companies on the launch of new software products and features in Namibia. Irvin Assisting an American multinational technology company that specializes in Internet-related services and products, which include a search engine, with the following scope of work in the development of a data protection regulation tracker for Namibia, assessing whether any data protection regulation has extra territorial reach, establishing any legal requirement for an agreement for controller-processor or controller-controller relationships, assessing whether there are any legal requirements for the appointment of a data protection officer, identifying any laws that require data localization confirming the existence of a data protection authority and identifying any fines or personal liability for data breaches.

Irvin is also ssisting a Namibian agri-business transferring personnel data to a subsidiary based in the United Kingdom with the following scope of work: reviewing agreements which govern cross-border inter-company data transfers between “data importer” and “data exporter”, with specific application to employee data. Irvin is a memenbr of Law Socity of Namibia.

[email protected]

Zach Kauraisa

Koep & Partners

Zach commenced his articles of clerkship with Koep & Partners under the supervision of Irvin Titus in 2021. He has assisted multiple software companies on the launch of various new features and applications in Namibia. He has advised on video and audio streaming features, spatial data collection and processing, and cross-border data transfers.

Zach is assisting a Swiss multinational commodity trading company in its due diligence of a multinational energy company with downstream assets in Namibia. Part of the due diligence contained the following scope of works - Reviewing the target entities’ approach to cybersecurity and data privacy compliance, noting any deficiencies in any policies, personnel or practices, reviewing data processing restrictions or requirements related to handling employee data under applicable trade union or works council arrangement, noting any particularly stringent requirements or restrictions and confirming the existence of any public database or registry and searching for any disclosures to governmental authorities in connection with a data breach.

[email protected]

Continue reading on DataGuidance with:

Free Member

Free Trial

Namibia - Data Protection Overview

June 2023

1. Governing Texts

1.1. Key acts, regulations, directives, bills

1.2. Guidelines

1.3. Case law

2. Scope of Application

2.1. Personal scope

2.2. Territorial scope

2.3. Material scope

3. Data Protection Authority | Regulatory Authority

3.1. Main regulator for data protection

3.2. Main powers, duties and responsibilities

4. Key Definitions

5. Legal Bases

5.1. Consent

5.2. Contract with the data subject

5.3. Legal obligations

5.4. Interests of the data subject

5.5. Public interest

5.6. Legitimate interests of the data controller

5.7. Legal bases in other instances

6. Principles

7. Controller and Processor Obligations

7.1. Data processing notification

7.2. Data transfers

7.3. Data processing records

7.4. Data protection impact assessment

7.5. Data protection officer appointment

7.6. Data breach notification

7.7. Data retention

7.8. Children's data

7.9. Special categories of personal data

7.10. Controller and processor contracts

8. Data Subject Rights

8.1. Right to be informed

8.2. Right to access

8.3. Right to rectification

8.4. Right to erasure

8.5. Right to object/opt-out

8.6. Right to data portability

8.7. Right not to be subject to automated decision-making

8.8. Other rights

9. Penalties

9.1 Enforcement decisions

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us