Angola Personal Data Protection Law
View Law TextNeed Help with Angola PDPL Compliance?
Get expert guidance on implementing Angola's data protection requirements and ensuring ongoing compliance for your organization.
Get Expert HelpOverview
Angola's Personal Data Protection Law establishes comprehensive requirements for the processing of personal data, enforced by the Angolan Data Protection Agency (APD).
Key Facts
- Effective since 2022
- Enforced by APD (Angolan Data Protection Agency)
- Applies to all organizations processing personal data in Angola
Key Principles
Lawfulness and Transparency
Processing must be lawful, fair, and transparent to the data subject.
Requirements
- Valid legal basis for processing
- Clear privacy notices
- Transparent processing activities
- Documentation of legal grounds
- Regular compliance reviews
Examples
- Consent collection forms
- Privacy policy updates
- Processing records
- Legal basis documentation
Purpose Limitation
Personal data must be collected for specified, explicit, and legitimate purposes.
Requirements
- Define processing purposes
- Document purpose limitations
- Ensure purpose compatibility
- Regular purpose reviews
- Purpose change notifications
Examples
- Purpose documentation
- Compatibility assessments
- Change notifications
- Processing records
Data Minimization
Only process data that is adequate, relevant, and limited to what is necessary.
Requirements
- Assess data necessity
- Implement collection limits
- Regular data reviews
- Deletion procedures
- Storage limitation
Examples
- Data inventory reviews
- Collection forms
- Deletion schedules
- Storage policies
Compliance Requirements
Registration Requirements
Organizations must register with the Angolan Data Protection Agency (APD) before processing personal data.
Implementation Steps
- Submit registration application
- Document processing activities
- Appoint data protection officer
- Pay registration fees
- Maintain registration records
Required Documentation
- Registration certificates
- Processing records
- DPO appointment letter
- Payment receipts
- Annual reports
Cross-Border Data Transfers
Specific requirements for transferring personal data outside of Angola.
Implementation Steps
- Assess recipient country adequacy
- Implement transfer safeguards
- Obtain APD authorization
- Document transfer mechanisms
- Monitor compliance
Required Documentation
- Transfer impact assessments
- Contractual safeguards
- APD authorizations
- Transfer records
- Monitoring reports
Consent Management
Requirements for obtaining and managing valid consent for data processing.
Implementation Steps
- Implement consent mechanisms
- Provide clear information
- Enable withdrawal options
- Document consent records
- Regular consent reviews
Required Documentation
- Consent forms
- Privacy notices
- Withdrawal procedures
- Consent logs
- Review records
Enforcement & Penalties
Administrative Sanctions
The Angolan Data Protection Agency (APD) can impose various administrative sanctions for violations.
Penalty Categories
Example Cases
Criminal Penalties
Serious violations may result in criminal prosecution.