SecurePrivacy Logo

Angola Personal Data Protection Law

View Law Text
Maximum Fine
4% Revenue
Scope
National
Regulator
APD
Status
Active

Need Help with Angola PDPL Compliance?

Get expert guidance on implementing Angola's data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

Angola's Personal Data Protection Law establishes comprehensive requirements for the processing of personal data, enforced by the Angolan Data Protection Agency (APD).

Key Facts

  • Effective since 2022
  • Enforced by APD (Angolan Data Protection Agency)
  • Applies to all organizations processing personal data in Angola

Key Principles

Lawfulness and Transparency

Processing must be lawful, fair, and transparent to the data subject.

Requirements

  • Valid legal basis for processing
  • Clear privacy notices
  • Transparent processing activities
  • Documentation of legal grounds
  • Regular compliance reviews

Examples

  • Consent collection forms
  • Privacy policy updates
  • Processing records
  • Legal basis documentation

Purpose Limitation

Personal data must be collected for specified, explicit, and legitimate purposes.

Requirements

  • Define processing purposes
  • Document purpose limitations
  • Ensure purpose compatibility
  • Regular purpose reviews
  • Purpose change notifications

Examples

  • Purpose documentation
  • Compatibility assessments
  • Change notifications
  • Processing records

Data Minimization

Only process data that is adequate, relevant, and limited to what is necessary.

Requirements

  • Assess data necessity
  • Implement collection limits
  • Regular data reviews
  • Deletion procedures
  • Storage limitation

Examples

  • Data inventory reviews
  • Collection forms
  • Deletion schedules
  • Storage policies

Compliance Requirements

Registration Requirements

Organizations must register with the Angolan Data Protection Agency (APD) before processing personal data.

Implementation Steps

  • Submit registration application
  • Document processing activities
  • Appoint data protection officer
  • Pay registration fees
  • Maintain registration records

Required Documentation

  • Registration certificates
  • Processing records
  • DPO appointment letter
  • Payment receipts
  • Annual reports

Cross-Border Data Transfers

Specific requirements for transferring personal data outside of Angola.

Implementation Steps

  • Assess recipient country adequacy
  • Implement transfer safeguards
  • Obtain APD authorization
  • Document transfer mechanisms
  • Monitor compliance

Required Documentation

  • Transfer impact assessments
  • Contractual safeguards
  • APD authorizations
  • Transfer records
  • Monitoring reports

Enforcement & Penalties

Administrative Sanctions

The Angolan Data Protection Agency (APD) can impose various administrative sanctions for violations.

Penalty Categories

Severe Violations
Up to 4% of annual turnover
For serious breaches of data protection principles
Regular Violations
Up to 2% of annual turnover
For non-compliance with technical requirements
Minor Violations
Up to AOA 10,000,000
For administrative non-compliance

Example Cases

Telecom Provider
AOA 50,000,000
2023 - Unauthorized data sharing with third parties
Financial Institution
2% of annual revenue
2022 - Failure to implement adequate security measures

Criminal Penalties

Serious violations may result in criminal prosecution.

Penalty Categories

Data Theft
Up to 2 years imprisonment
Unauthorized access and theft of personal data
Illegal Processing
Up to 18 months imprisonment
Processing without legal basis or consent
Non-Compliance
Up to AOA 25,000,000
Failure to comply with APD orders

Example Cases

Data Breach Case
Criminal Charges
2023 - Intentional exposure of sensitive data
Non-Registration Case
AOA 15,000,000
2022 - Operating without APD registration