Law: Law 133-V-2001 on the Protection of Personal Data (as amended by Law No. 41/VIII/2013 - General Legal Regime for the Protection of Personal Data of Individuals (only available in Portuguese here) and Law No. 121/IX/2021 of 17 March 2021 (only available in Portuguese here)) (collectively the Law)

Regulator: National Commission of Data Protection (CNPD)

Summary: On January 22, 2001, Law 133-V-2001 on the Protection of Personal Data (as amended by Law No. 41/VIII/2013 - General Legal Regime for the Protection of Personal Data of Individuals (only available in Portuguese here) and Law No. 121/IX/2021 of 17 March 2021 (only available in Portuguese here)) (collectively 'the Law') entered into effect and established the general data protection framework in Cape Verde.

The Law applies to both the controllers and processors who are established in Cape Verde, as well as to controllers and processors who process the data of data subjects located in Cape Verde, irrespective of the location where the processing takes place. The Law is enforced by the National Commission of Data Protection (CNPD), which became operational in 2015. The CNPD's administrative functions include receiving and reviewing data processing notifications and issuing authorizations for some processing activities.

Cape Verde also has a notable presence on the international stage and is one of the few jurisdictions outside of Europe to have ratified the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108). Additionally, Cape Verde is a signing member of the Economic Community of West African States (ECOWAS) Supplementary Act A/SA. 1/01/10 on Personal Data Protection within ECOWAS and has ratified the African Convention on Cyber Security and Personal Data Protection (the Malabo Convention).