Mauritius was among the first movers in the data privacy space in Africa, and as such, its regulations are robust, and in line with international standards. When the country enacted the Data Protection Act 2004 (DPA 2004), it became the first African country to establish the Office of the Data Protection Commissioner and make it operational.
As of January 2018, Mauritius regulates data protection under the Data Protection Act 2017 (DPA 2017), which repealed and replaced the former act, so as to align with the European Union General Data Protection Regulation 2016/679 (GDPR). The updates to the law include the implementation of data protection impact assessments, notification of personal data breaches, stricter security requirements attached to data processing, and clearer standards around the details of lawful processing.
Among other things, data subjects have the right to:
- have their personal data corrected;
- access their personal data;
- object in writing to the processing of their personal data, at any time;
- prevent processing of personal data for purposes of direct marketing; and
- object to a decision based solely on automatic processing that would significantly affect them or adverse legal repercussions.
Mrs. Drudeisha Madhub has been the head of the office since August 2007.