Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Namibia - Data Protection Overview
Back

Namibia - Data Protection Overview

May 2022

1. Governing Texts

Currently, Namibia does not yet have legislation that directly provides for data protection, nor has it established a data protection authority.

Personal data in Namibia is protected indirectly, however, through the right to privacy in the Constitution of the Republic of Namibia ('the Constitution'), as established by Article 13 of the Constitution. Nonetheless, there is no case law yet that can provide further clarity on the position of data protection in Namibia.

The Ministry of Information and Communication Technology of Namibia has been developing a Data Protection Bill ('the Draft Bill') for the last seven years. The Draft Bill has not yet been circulated for public comment or submitted to the Cabinet for review. However, the Draft Bill is set to establish a data protection authority and include ten principles of data protection.

1.1. Key acts, regulations, directives, bills

  • Article 13 of the Constitution
  • Section 227(3) of the Labour Act, 1992 (G.N. 156): regulating the health and safety of employees at work and the confidentiality of employee medical data

1.2. Guidelines

Not applicable.

1.3. Case law

Not applicable.

2. Scope of Application

2.1. Personal scope

Not applicable.

2.2. Territorial scope

Not applicable.

2.3. Material scope

Not applicable.

3. Data Protection Authority | Regulatory Authority

3.1. Main regulator for data protection

Not applicable.

3.2. Main powers, duties and responsibilities

Not applicable.

4. Key Definitions

Data controller: Not defined.

Data processor: Not defined.

Personal data: Not defined.

Sensitive data: Not defined.

Health data: Not defined.

Biometric data: Not defined.

Pseudonymisation: Not defined.

5. Legal Bases

5.1. Consent

Not applicable.

5.2. Contract with the data subject

Not applicable.

5.3. Legal obligations

Not applicable.

5.4. Interests of the data subject

Not applicable.

5.5. Public interest

Not applicable.

5.6. Legitimate interests of the data controller

Not applicable.

5.7. Legal bases in other instances

Not applicable.

6. Principles 

Not applicable.

7. Controller and Processor Obligations

7.1. Data processing notification

Not applicable.

7.2. Data transfers

Not applicable.

7.3. Data processing records

Not applicable.

7.4. Data protection impact assessment

Not applicable.

7.5. Data protection officer appointment

Not applicable.

7.6. Data breach notification

Not applicable.

7.7. Data retention

Not applicable.

7.8. Children's data

Not applicable.

7.9. Special categories of personal data

Not applicable.

7.10. Controller and processor contracts

Not applicable.

8. Data Subject Rights

8.1. Right to be informed

Not applicable.

8.2. Right to access

Not applicable.

8.3. Right to rectification

Not applicable.

8.4. Right to erasure

Not applicable.

8.5. Right to object/opt-out

Not applicable.

8.6. Right to data portability

Not applicable.

8.7. Right not to be subject to automated decision-making

Not applicable.

8.8. Other rights

Not applicable.

9. Penalties

Not applicable.

9.1 Enforcement decisions

Not applicable.