More on the Draft Data Protection Bill

Some of our readers may be aware of long-running discussions regarding the implementation of data protection legislation in Namibia. These efforts culminated in the publication of a Draft Data Protection Bill (2022) by the Namibian Ministry of Information and Communication Technology. The latest Bill was published for consultation and public comment in October 2022. However, the 2022 Draft Bill appears to be substantially different to the Final Draft Bill that was circulated for public comment in 2020.

Several concerns have since been raised regarding the 2022 Draft Bill, most of which focused on its likely impact on human rights and the underdeveloped consent provisions contained therein. The Draft Data Protection Bill in Namibia is intended to safeguard individuals’ personal information by setting clear regulations for data collection, storage, and processing. In furtherance of this objective, it mandates responsible and transparent handling of personal data by data controllers and processors. The Bill also grants individuals the right to access their data, request corrections, and seek remedies for misuse. By aligning with international standards, the Bill aims to enhance privacy protection, boost consumer confidence, and support the country’s digital economy.

Some key points to note, at this stage, in respect of Namibia’s current Draft Data Protection Bill:

  • Compliance Period: Data controllers will have a one-year period after the Bill’s commencement to comply.
  • Scope: The Bill applies to personal data processing activities within and outside Namibia, provided these activities concern individuals within Namibia’s jurisdiction.
  • Primary Objectives: The Bill seeks to regulate personal information processing to protect fundamental rights and freedoms, ensure data subject rights, establish a supervisory authority, and outline the responsibilities of data controllers and processors.
  • Administrative Fines: There are no specified minimum or maximum limits for administrative fines that may be imposed on controllers by the supervisory authority. The data protection supervisory authority has been mandated to make regulations pertaining to administrative fines. The data protection supervisory authority may consider high administrative fines in an effort to discourage data controllers from contravening the legislation, once in force.
  • Regulatory Alignment: Businesses already compliant with GDPR or POPIA will find it relatively straightforward to comply with the Bill once it becomes law.

We will keep you updated on further developments in this regard.

View Related Blogs
View All
news

Awareness of Fraudulent Communications

Adams & Adams Fraudulent Impersonation Alert It has come to our attention that fraudulent emails (particularly from a Microsoft Outlook account of adams-adams-attorneys@outlook.com) are being sent...

Adams NewsFIRM NEWS
news

Digital transformation at Namibia Revenue Authority

The Namibia Revenue Agency, NAMRA, has set a goal of reaching full digitisation within the next 4 years. This will eliminate the need for customers to seek in-person consultations and will allow NAMRA...

Adams NewsNamibia
news

Togo registers kovié rice as its first Protected Geographical Indication

On 3 April 2025, kovié rice, hailing from the Kovié region, became Togo’s first Protected Geographical Indication (PGI). This PGI designation, granted by OAPI, will serve to ensure the quality of ...

Adams NewsOAPI