Mogadishu — Somalia’s Data Protection Authority (DPA) has directed all organisations that collect, store, process or share personal data to register under the country’s Data Protection Law, as part of efforts to strengthen privacy safeguards and improve compliance with national data governance standards.
In a statement, the Authority said the requirement is mandated under Article 32 of the Data Protection Act and applies to all data controllers and data processors operating within Somalia.
The regulator said the move is intended to enhance the protection of personal information and establish greater accountability among organisations handling sensitive data.
The DPA confirmed that it has begun accepting registration applications and will issue certification only to entities that meet the legal and regulatory requirements set out under the law.
Under the directive, companies, government institutions and other organisations that process personal data must complete the registration process and comply with obligations governing the collection, storage, use and sharing of personal information.
The Authority said organisations that fail to meet the registration requirements could face regulatory action in accordance with the provisions of the Data Protection Act.
Further details on registration procedures, eligibility requirements and application forms are available through the Authority’s official channels. The regulator has also encouraged organisations seeking clarification to contact its offices or use its official communication platforms during working hours.
The announcement marks a significant step in Somalia’s efforts to establish a comprehensive data protection framework as digital services and data-driven operations continue to expand across the country.
