Law: Law N° 2022-59 of December 16, 2022, on the protection of Personal Data (only available in French here) (Law as amended) as amended by Law N° 2023-31 of July 4, 2023 (only available in French here) (Law 2023-31)

Regulator: High Authority for the Protection of Personal Data (HAPDP)

Summary: Personal data protection is regulated in Niger by Law No. 2017-28 of May 3, 2017 on the Protection of Personal Data (the Law), as amended and supplemented by Law No. 2019-71 of December 24, 2019, Decree No. 2020-309/PRN/MJ of April 30, 2020, setting the terms of application of the Law, and Order No. 000045 of October 5, 2020, determining the profile and setting the conditions of remuneration of the personal data protection correspondent.

The Law establishes a fundamental basis for personal data protection in Niger by setting out data subject rights of access, to object, and to information, restricting international data transfers, requiring data processing notifications, and detailing obligations for data controllers, such as the appointment of a personal data protection correspondent. Some topics are not covered by the Law, such as data breach notifications.

The National Data Protection Authority (HAPDP) has the powers to impose administrative sanctions and monetary penalties, which may be of up to XOF 10 million (approx. $16,231), increasing in case of persistent non-compliance. However, the HAPDP generally opts in favor of an educational approach, which consists of raising awareness among data controllers. Accordingly, the HAPDP has issued various guidelines and forms to aid in compliance with the Law.

In 2022, Niger ratified the Convention on Cyber Security and Personal Data Protection (the Malabo Convention).