MOGADISHU – The Somali Data Protection Authority has announced that all Data Controllers and Data Processors operating in the Federal Republic of Somalia must now register with the authority. The registration applies to all institutions and companies that handle personal data.
The directive represents a significant step in Somalia’s efforts to establish a comprehensive data protection framework and align with continental privacy standards.
Somalia Joins African Data Protection Network
The registration requirement follows Somalia’s formal entry into the Network of African Data Protection Authorities (NADPA). Somalia officially joined NADPA during the 8th edition of the organisation’s annual conference held in Abuja, Nigeria, from May 6 to May 8, 2025, bringing together data protection authorities, experts, and observers from over 30 African countries.
Themed “Balancing Innovation in Africa with the Protection of Privacy in Emerging Technologies,” the three-day conference focused on the urgent need for robust data governance frameworks as the continent rapidly embraces digital transformation. Somalia’s inclusion in NADPA marks a significant milestone in its efforts to strengthen privacy rights and establish a regulatory environment that supports responsible innovation.
Partnership with Nigeria on Data Protection
To accelerate the implementation of effective data protection systems, Somalia has forged strategic partnerships with established regulatory bodies. Somalia’s Data Protection Authority and Nigeria’s Nigeria Data Protection Commission signed a Memorandum of Understanding to strengthen collaboration in data governance, capacity building, and knowledge exchange.
The agreement aims to foster the development of robust data protection frameworks, promote best practices, and support institutional strengthening through training and technical support. Dr. Vincent Olatunji, National Commissioner of the NDPC, emphasized the importance of continental collaboration, stating that “as African nations embrace digital transformation, strong partnerships like this ensure that data protection is not only a national priority but a regional one.”
Cybersecurity Framework Development
The registration mandate also aligns with broader cybersecurity initiatives underway in Somalia. The National Communications Authority has convened a national consultation to formulate Somalia’s Cybersecurity Risk Management and Compliance Framework, bringing together key government agencies, private sector representatives, educational institutions, civil society organizations, and technical experts.
The State Minister of Communications and Technology, MP Ahmed Osman Dirie, who opened the meeting, underscored the increasing significance of cybersecurity in a rapidly digitizing society. “The use of technology continues to grow and influences numerous aspects of life, including education and commerce. Without appropriate protections, these developments can create vulnerabilities,” Dirie said.
Digital Commitment and Cybercrime Legislation
Somalia has reaffirmed its commitment to data protection and cybersecurity legislation as key pillars of the country’s digital transformation strategy. The Council of Ministers, chaired by Prime Minister Hamza Abdi Barre, approved the long-awaited Cybercrime Bill during its weekly meeting, providing Somalia with a comprehensive legal framework to combat the growing threats posed by cybercriminals.
The legislation criminalizes a wide range of digital offenses, including hacking, identity theft, phishing, the spread of malicious software, and unauthorized access to sensitive data. Prime Minister Barre underscored the importance of the bill, noting that Somalia’s increasing reliance on digital services, e-commerce, and online communications makes cyber protection a national priority.
Registration Requirements and Compliance
Under the new directive, all Data Controllers and Data Processors operating in Somalia must register with the Somali Data Protection Authority. This includes government institutions, private companies, non-profit organizations, and any entity that handles personal data of Somali citizens or residents.
The registration requirement is designed to increase accountability, ensure compliance with data protection standards, and enable the authority to monitor how personal information is collected, processed, and stored across the country. Failure to register may result in penalties as stipulated under Somalia’s data protection regulations.
The Somali Data Protection Authority has announced it will provide guidance and support to organizations navigating the registration process, with the aim of building a culture of data privacy and security awareness across all sectors of Somali society.
Recommended Reading On ftlsomalia.com:
