Law: Law 29-2019 on the Protection of Personal Data (only available in French here) ('the Law')

Regulator: The Commission (not yet established)

Summary: The Law was passed in 2019, following its publication in the Official Gazette. The Law has several parallels to the EU's General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), such as requiring data controllers and processors to appoint a data protection officer in certain circumstances, and prescribing that data controllers conduct Data Protection Impact Assessments when a type of processing is likely to result in a high risk to people's rights and freedoms. The Law also provides that a Commission responsible for the protection of personal data will be established through legislation in Congo. However, the Commission has not yet been established. Once formed, the Commission will be responsible for supervising compliance with the Law and exercising enforcement powers, including the issuance of fines.

In addition, in 2015 Congo signed the Convention on Cyber Security and Personal Data Protection (the Malabo Convention) and subsequently ratified the same in 2020.