Law: There is no general data protection law.

Regulator: There is no general data protection regulator.

Summary: The Democratic Republic of Congo is yet to enact a general data protection law. However, the Constitution of the DRC (only available in French here) prescribes the right to respect private life and to the secrecy of correspondence, telecommunication, and all other forms of communication. In addition, Law No. 20/017 (only available in French here) (the Law) covers the protection of personal data and cybersecurity in relation to telecommunications and ICT providers. In particular, Article 131 of the Law states that any processing of personal data may not take place unless based on the consent of the data subject or requisition of the public prosecutor's office. Article 132 of the Telecommunications and ICT Law further explains that the collection, recording, processing, storage, and transmission of personal data must be based upon the authorization of the data subject or the competent supervisory authority as established under Article 126 of the Law.