On February 24, 2024, Somalia reached a significant step in its journey towards digital transformation with the inauguration of its Data Protection Authority (hereinafter “the DPA”). In a context of historic political challenges, Somalia’s commitment to embracing the digital age while protecting citizens’ privacy rights is highlighted by the creation of the DPA.
A step towards modernization
The creation of the DPA follows the approval of Somalia’s Data Protection Law (Law No. 005 of 2023). This represents a significant legislative achievement, ratified by both parliamentary chambers, and signed by President Hassan Sheikh Mohamud in March 2023. This Law paved the way for strong data protection regulations in Somalia, bringing the country in line with global standards. By founding the DPA, Somalia is demonstrating its commitment to promoting digital trust and responsibility. The DPA’s inauguration ceremony was attended by a distinguished gathering, including key government officials, as well as representatives from civil society organizations and various other business sectors. The ministers and representatives who attended insisted on the crucial role of data protection in Somalia’s digital advancement, and emphasized the importance of collaboration between the various stakeholders.
Challenges and opportunities
Despite notable achievements, Somalia faces a number of challenges in implementing effective data protection mechanisms. These challenges, which include strengthening the country’s technological infrastructure, coordinating regulatory authorities as well as enforcing and promoting a culture of compliance, are above all opportunities for Somalia. Indeed, they will enable the country to establish a strong data protection environment, harmonized with international standards, thus fostering digital trust and innovation.
For all these reasons, at the beginning of February 2024, the DPA published guidelines for implementing the Data Protection Law. This publication suggested concrete actions for implementing the Law within an organization. According to these guidelines, the first essential step in implementing the Law is to make all staff aware of the importance of data protection. It also recommends creating an inventory of the data collected by the organization, in order to determine the risks associated with its use. A risk assessment should then be carried out to compare the company’s practices with the requirements of the Law. Finally, a detailed action plan must be drawn up to ensure full compliance with regulatory requirements.
Violation of the Law’s compliance requirements can result in severe financial penalties for companies, reaching up to 2% to 4% of worldwide annual turnover. To get ready for the Law’s implementation, companies will therefore need to audit and analyze their data, inform their customers about the Law, revise privacy notices, understand consumer rights and learn how to run marketing campaigns that comply with the Law.
To sum up, the inauguration of the DPA marks a significant move towards modernization and digital governance in the country. As Somalia navigates the complexities of the digital age, the DPA will play a major role in ensuring that the privacy rights of its citizens are protected in the future.