LEGAL ALERT: DATA CONTROLLERS & PROCESSORS REGISTRATION IN TANZANIA BEGINS AS THE PERSONAL DATA PROTECTION COMMISSION BECOMES FULLY OPERATIONAL
MARCH 18, 2024

Functions of the PDPC

The operationalization of the PDPC has been a long-awaited development to strengthen the implementation and enforcement of the Personal Data Protection Act, 2022 in the country. The PDPC’s mandates are clearly stated under section 7 of the Act as follows:

  1. To monitor compliance by data controllers and data processors of the provisions of this Act;
  2. To register data controllers and data processors in accordance with this Act;
  3. To receive, investigate and deal with complaints about alleged violations of the protection of personal data and privacy of persons;
  4. To inquire into and take measures against any matter, that appears to the Commission to affect the protection of personal data and infringe privacy of individuals;
  5. To educate the public as may be appropriate to the implementation of objectives of this Act;
  6. To undertake research and to monitor technological developments in data processing;
  7. To establish mechanisms of cooperation with other data protection authorities from other countries, and advise the Government on matters relating to implementation of this Act;
  8. To perform other functions of the Commission for better implementation of the provisions of this Act.

Registration of Data Controller & Data Processors

The Act clearly prohibits any person to collect or process personal data without being registered with PDPC either as a data controller or data processor. In that regard, we urge all individuals or businesses that collect or process personal data to comply with the law. The Act and its attendant regulations, to wit, the Data Protection (Collection and Processing of Personal Data) Regulations, GN. No. 349 of 2023 mandate the PDPC to register data controllers and data processors.

In order to effectively fulfill the registration role, the PDPC has introduced the Registration and Complaints Management Information System (RCMIS) enabling data controller(s) and processor(s) to register efficiently. Anyone intending to register as a data controller or data processor will need to submit an application with all necessary documents and pay the required fees. Upon receiving the application, the PDPC will review it and either approve or reject it.. If approved, a certificate of registration will be granted to the data controller or data processor, valid for 5 years from the date of registration.

Personal Data complaints

The PDPC has also introduced the online complaint system, enabling data subjects to fill out the complaint form and submit it to the Commission. The complaint form requires the complainant to provide personal details, information regarding the controller or processor, the nature of complaint, and whether any other remedy or redress has already been pursued . The complaint shall be handled in accordance with the Data Protection (Complaints Handling Procedure) Regulations, GN. No. 350. The Complaint Handling Regulations provide for who may lodge a complaint; the procedure for lodging the complaint; and the procedure for handling and resolving complaints.

It is important to note that the Complaint Handling Regulations allow the complainant to lodge a complaint orally with the Commission. We believe oral complaints can be made at the PDPC offices, which are presently situated at the Universal Communications Service Access Fund (UCSAF House) in Njedengwa, Dodoma. Additionally, there is a Zanzibar Commission’s Office located on the Fourth (4th) floor of the Bombay Bazar Center in the Amani roundabout area on the way to Mwanakwerekwe.

With the operationalization of the PDPC, it has become even more crucial for individuals and entities to achieve full compliance with the Personal Data Protection Act (PDPA). The implementation of the Act will be further facilitated by the issuance of guidance on various matters. The Personal Data Protection Commission has already prepared four key guidelines to this effect:

  • Guidelines for Registering Data Collectors and Processors;
  • Guidelines for Managing Complaints;
  • Guidelines for the Personal Data Protection Policy;
  • Guidelines for the Data Subject’s Consent.

These guidelines are expected to be extremely valuable in understanding and navigating the requirements of the PDPA.

To read more about registration and complaints read our previous article available at https://victoryattorneys.co.tz/data-protection-regulations-published-in-tanzania/

Victory Attorneys and Consultants are experts in data protection, privacy information and cybersecurity. Contact us for assistance and advice on ensuring compliance with the data protection laws and Regulations. Victory Attorneys & Consultants can be reached through the address below:

Victory Attorneys & Consultants,
IT Plaza Building, 1st Floor,
Ohio Street/Garden Avenue,
P.O. Box 72015, Dar es Salaam.
Mobile No: 0752089685/0682197331
Email: info@victoryattorneys.co.tz

DISCLAIMER: This article is not intended to provide legal advice but to provide general information on the matter covered in the Article. The article does not constitute and is not to be relied upon as legal advice. Victory Attorneys & Consultants shall not be responsible for any loss in the event this Article is relied upon without seeking our professional advice first.

 
Quick Links

Mootcourt Competition

Essay Competition

Firm Profile

Main Office

IT Plaza Building

1st Floor, Ohio Street/Garden Avenue

P.O. Box 72015, Dar Es Salaam

Contact Us

+255 752 089 685

+255 673 717 790

info@victoryattorneys.co.tz

VICTORY ATTORNEYS & CONSULTANTS ©2024