Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Namibia - Data Protection Overview
April 2024
1. Governing Texts
The Republic of Namibia enshrined the right to privacy as a fundamental human right under Article 13 of the Constitution. Accordingly, all persons enjoy a right to privacy in their homes, correspondences, or communications. However, the right may be limited as required by law, as well as in the interest of protecting national security, public safety or the economic well-being of the country, health and morals, disorder and/or crime, and rights and freedoms of other individuals. Besides this, it is noteworthy to highlight that Namibia does not yet have any comprehensive legislation that directly provides for data protection, nor has it established a data protection authority. Attempts have been made in the past few years to promulgate an Electronic Transactions and Cybersecurity Bill in 2017 without success. The bill received extensive criticism and the Ministry of Information and Communication Technology of Namibia (‘the Ministry’) was compelled to remove the Bill from the public consultation process.
The Ministry has been developing a Data Protection Bill ('the Draft Bill') for several years. In February 2020, a multi-stakeholder consultation on the Draft Bill was had, with further online consultations having been had between September and mid-October 2020 with the support of the Council of Europe, and was eventually published in 2021 by the Namibian Government. The Draft Bill seeks to establish a data protection authority and includes ten principles of data protection that include the following:
the establishment of a Data Protection Supervisory Authority;
to provide for the powers, functions, and duties of the Authority;
creation of data controllers and processors’ obligations;
provide for the regulation of the processing of personal data in order to protect the fundamental rights and freedoms of individuals provided for in the Constitution;
stipulating the rights of individuals about whom data is processed;
providing for restrictions and exemptions with respect to the processing of data under the provisions of the Act; and
providing for the conduct requirements of controllers and processors of matter associated with the Act.
Nonetheless, there are various sector-specific pieces of legislation that protect client data, especially in the legal, labor, and banking spheres.
1.1. Key acts, regulations, directives, bills
Article 13 of the Constitution.
Section 227(3) of the Labour Act, 1992 (G.N. 156): regulating the health and safety of employees at work and the confidentiality of employee medical data.
Section 49 of the Financial Intelligence Act, 2012: protection of confidential information held by the Financial Intelligence Centre.
1.2. Guidelines
Not applicable.
1.3. Case law
Not applicable.
2. Scope of Application
2.1. Personal scope
Not applicable.
2.2. Territorial scope
Not applicable.
2.3. Material scope
Not applicable.
3. Data Protection Authority | Regulatory Authority
3.1. Main regulator for data protection
Not applicable.
3.2. Main powers, duties and responsibilities
Not applicable.
4. Key Definitions
Pseudonymization: Not defined.
5. Legal Bases
5.1. Consent
Not applicable.
5.2. Contract with the data subject
Not applicable.
5.3. Legal obligations
Not applicable.
5.4. Interests of the data subject
Not applicable.
5.5. Public interest
Not applicable.
5.6. Legitimate interests of the data controller
Not applicable.
5.7. Legal bases in other instances
Not applicable.
6. Principles
Not applicable.
7. Controller and Processor Obligations
7.1. Data processing notification
Not applicable.
7.2. Data transfers
Not applicable.
7.3. Data processing records
Not applicable.
7.4. Data protection impact assessment
Not applicable.
7.5. Data protection officer appointment
Not applicable.
7.6. Data breach notification
Not applicable.
7.7. Data retention
Not applicable.
7.8. Children's data
Not applicable.
7.9. Special categories of personal data
Not applicable.
7.10. Controller and processor contracts
Not applicable.
8. Data Subject Rights
8.1. Right to be informed
Not applicable.
8.2. Right to access
Not applicable.
8.3. Right to rectification
Not applicable.
8.4. Right to erasure
Not applicable.
8.5. Right to object/opt-out
Not applicable.
8.6. Right to data portability
Not applicable.
8.7. Right not to be subject to automated decision-making
Not applicable.
8.8. Other rights
Not applicable.
9. Penalties
Not applicable.
9.1 Enforcement decisions
Not applicable.