Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Data security and breach notification

Security obligations
Are there specific security obligations that must be complied with?

Yes. The data owner must prevent the amendment of or damage to the data, as well as access by non-authorised third parties. In addition, the data owner must ensure that:

  • persons with access to the system can access only the data relevant to them;
  • the identity and interest of any third-party recipients of the data can be verified;
  • the identity of persons accessing to the system (to view the data or add data) can be verified;
  • non-authorised persons cannot access the place and equipment used for data processing;
  • non-authorised persons cannot read, copy, modify, destroy or move data;
  • all data introduced in the system is authorised;
  • the data will not be read, copied, modified or deleted without authorisation during the transport or communication of the data;
  • the data is backed up with security copies; and
  • the data is renewed and converted to preserve it.

Breach notification
Are data owners/processors required to notify individuals in the event of a breach?

There is no general obligation to notify personal data security breaches to individuals.

Are data owners/processors required to notify the regulator in the event of a breach?

There is no general obligation to notify personal data security breaches to the Senegalese Data Protection Authority (CDP).

Click here to view the full article.