Law: Data Protection Act 2017 (the Data Protection Act)

Regulator: Data Protection Office (the Office)

Summary: The Data Protection Act 2017 (the Data Protection Act) came into force on January 15, 2018, and repealed the Data Protection Act 2004. The Act was designed to be aligned with international standards, and specifically the EU's General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and the Convention for Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108). In general terms, the Act follows many of the provisions and approaches of the GDPR, and prescribes data protection principles, legal bases for processing personal data, controller and processor obligations, conditions for data transfers, the appointment of a data protection officer (DPO), and data subjects rights. Mauritius also signed the Protocol amending the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention 108+) in 2020.