Loi 20/2017 · The Data Protection Act 2017

THE DATA PROTECTION ACT 2017

Act 20/2017

Proclaimed by [Proclamation No. 3 of 2018] w.e.f. 15 January 2018

Government Gazette of Mauritius No. 120 of 23 December 2017

I assent

BIBI AMEENAH FIRDAUS GURIB-FAKIM

22 December 2017 President of the Republic

ARRANGEMENT OF SECTIONS

Section

PART I – PRELIMINARY

Short title
Interpretation

Application of Act

PART II – DATA PROTECTION OFFICE

Sub-Part A – Establishment of Data Protection Office

Establishment of Office

Sub-Part B – Functions and Powers of Commissioner

Functions of Commissioner
Investigation of complaints
Power to require information
Preservation Order
Enforcement notice
Power to seek assistance

Sub-Part C – Powers of Authorised Officers

Power of entry and search
Obstruction of Commissioner or authorised officer

Sub-Part D – Delegation of Power

Delegation of power by Commissioner

PART III – REGISTRATION OF CONTROLLERS AND PROCESSORS

Controller and Processor

Application for registration
Issue of registration certificate
Change in particulars
Renewal of registration certificate
Cancellation or variation of terms and conditions of registration certificate
Register of controllers and processors

PART IV – OBLIGATIONS ON CONTROLLERS AND PROCESSORS

Principles relating to processing of personal data
Duties of controller
Collection of personal data
Conditions for consent
Notification of personal data breach
Communication of personal data breach to data subject
Duty to destroy personal data
Lawful processing
Special categories of personal data
Personal data of child
Security of processing
Prior security check
Record of processing operations

PART V – PROCESSING OPERATIONS LIKELY TO

PRESENT RISK

Data protection impact assessment
Prior authorisation and consultation

PART VI – TRANSFER OF PERSONAL DATA OUTSIDE MAURITIUS

Transfer of personal data outside Mauritius

PART VII – RIGHTS OF DATA SUBJECTS

Right of access
Automated individual decision making
Rectification, erasure or restriction of processing
Right to object
Exercise of rights

PART VIII – OTHER OFFENCES AND PENALTIES

Unlawful disclosure of personal data
Offence for which no specific penalty provided

PART IX – MISCELLANEOUS

Exceptions and restrictions
Annual report
Compliance audit
Codes and guidelines
Certification

Confidentiality and oath
Protection from liability
Right of appeal
Special jurisdiction of Tribunal
Prosecution and jurisdiction
Certificate issued by Commissioner
Regulations
Repeal
Transitional provisions
Commencement

SCHEDULE

An Act

To provide for new legislation to strengthen the control and personal autonomy of data subjects over their personal data, in line with current relevant international standards, and for matters related thereto

ENACTED by the Parliament of Mauritius, as follows –

PART I – PRELIMINARY

Short title

This Act may be cited as the Data Protection Act 2017.

Interpretation

In this Act – “authorised officer” means an officer to whom the Commissioner has delegated his powers under section 13;

Accédez à toute la base juridique africaine sur Maathis

Maathis centralise la jurisprudence, la législation et la doctrine de l'Afrique francophone. Recherche, IA conversationnelle, veille et conformité, pour les avocats, juristes et compliance officers.

Recherche juridique IATrouvez instantanément lois, décrets, arrêts et codes dans 18+ pays africains et l'espace OHADA.

Chat assistant juridiquePosez vos questions, obtenez des réponses sourcées et citées par notre IA spécialisée.

Veille réglementaireRestez à jour sur les évolutions du droit national et OHADA via des alertes personnalisées.

Conformité & due diligenceVérifiez PEP, sanctions, contentieux et risques sur vos partenaires en quelques clics.

Documents cités dans ce texte