Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Namibia - Data Protection Overview
June 2023
1. Governing Texts
Currently, Namibia does not yet have legislation that directly provides for data protection, nor has it established a data protection authority.
Personal data in Namibia is protected indirectly, however, through the right to privacy in the Constitution of the Republic of Namibia ('the Constitution'), as established by Article 13 of the Constitution. Nonetheless, there is no case law yet that can provide further clarity on the position of data protection in Namibia.
The Ministry of Information and Communication Technology of Namibia has been developing a Data Protection Bill ('the Draft Bill') for the last seven years. The Draft Bill seeks to establish a data protection authority and includes ten principles of data protection.
1.1. Key acts, regulations, directives, bills
- Article 13 of the Constitution
- Section 227(3) of the Labour Act, 1992 (G.N. 156): regulating the health and safety of employees at work and the confidentiality of employee medical data
1.2. Guidelines
Not applicable.
1.3. Case law
Not applicable.
2. Scope of Application
2.1. Personal scope
Not applicable.
2.2. Territorial scope
Not applicable.
2.3. Material scope
Not applicable.
3. Data Protection Authority | Regulatory Authority
3.1. Main regulator for data protection
Not applicable.
3.2. Main powers, duties and responsibilities
Not applicable.
4. Key Definitions
Pseudonymisation: Not defined.
5. Legal Bases
5.1. Consent
Not applicable.
5.2. Contract with the data subject
Not applicable.
5.3. Legal obligations
Not applicable.
5.4. Interests of the data subject
Not applicable.
5.5. Public interest
Not applicable.
5.6. Legitimate interests of the data controller
Not applicable.
5.7. Legal bases in other instances
Not applicable.
6. Principles
Not applicable.
7. Controller and Processor Obligations
7.1. Data processing notification
Not applicable.
7.2. Data transfers
Not applicable.
7.3. Data processing records
Not applicable.
7.4. Data protection impact assessment
Not applicable.
7.5. Data protection officer appointment
Not applicable.
7.6. Data breach notification
Not applicable.
7.7. Data retention
Not applicable.
7.8. Children's data
Not applicable.
7.9. Special categories of personal data
Not applicable.
7.10. Controller and processor contracts
Not applicable.
8. Data Subject Rights
8.1. Right to be informed
Not applicable.
8.2. Right to access
Not applicable.
8.3. Right to rectification
Not applicable.
8.4. Right to erasure
Not applicable.
8.5. Right to object/opt-out
Not applicable.
8.6. Right to data portability
Not applicable.
8.7. Right not to be subject to automated decision-making
Not applicable.
8.8. Other rights
Not applicable.
9. Penalties
Not applicable.
9.1 Enforcement decisions
Not applicable.