SecurePrivacy Logo

Cameroon Law on Cyber Security and Cyber Crime

View Law Text
Maximum Fine
XAF 100M
Scope
National
Regulator
ANTIC
Enacted
2010

Need Help with Cameroon Law on Cyber Security and Cyber Crime Compliance?

Get expert guidance on implementing Cameroon's data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Law on Cyber Security and Cyber Crime establishes comprehensive requirements for the protection of personal data and cybersecurity in Cameroon, enforced by the National Agency for Information and Communication Technologies (ANTIC).

Key Facts

  • Enacted in 2010
  • Enforced by ANTIC
  • Includes cybersecurity requirements

Key Principles

Lawfulness and Consent

Personal data must be processed lawfully and with proper authorization.

Requirements

  • Obtain valid consent
  • Identify legal basis
  • Document processing grounds
  • Regular compliance reviews
  • Maintain consent records

Examples

  • Consent mechanisms
  • Legal basis documentation
  • Processing records
  • Compliance reports

Data Security

Implementation of appropriate security measures to protect personal data.

Requirements

  • Implement security controls
  • Regular risk assessments
  • Staff training
  • Incident response plans
  • Security monitoring

Examples

  • Security policies
  • Training programs
  • Incident procedures
  • Monitoring systems

Data Quality

Personal data must be accurate, complete, and kept up to date.

Requirements

  • Verify data accuracy
  • Regular data reviews
  • Update procedures
  • Quality controls
  • Correction mechanisms

Examples

  • Data verification processes
  • Update procedures
  • Quality checks
  • Correction protocols

Compliance Requirements

Registration Requirements

Organizations must register with the National Agency for Information and Communication Technologies (ANTIC).

Implementation Steps

  • Submit registration application
  • Document processing activities
  • Pay registration fees
  • Maintain registration status
  • Update when changes occur

Required Documentation

  • Registration certificates
  • Processing records
  • Payment receipts
  • Status updates
  • Change notifications

Security Requirements

Implementation of appropriate technical and organizational security measures.

Implementation Steps

  • Conduct risk assessments
  • Implement security controls
  • Train staff on security
  • Regular security audits
  • Incident response planning

Required Documentation

  • Security policies
  • Risk assessments
  • Training records
  • Audit reports
  • Response plans

International Transfer Requirements

Requirements for transferring personal data outside Cameroon.

Implementation Steps

  • Assess recipient country adequacy
  • Implement transfer safeguards
  • Obtain necessary approvals
  • Document transfers
  • Monitor compliance

Required Documentation

  • Transfer assessments
  • Safeguard documentation
  • Approval records
  • Transfer logs
  • Monitoring reports

Enforcement & Penalties

Administrative Penalties

ANTIC can impose administrative penalties for violations of the Law on Cyber Security and Cyber Crime.

Penalty Categories

Severe Violations
Up to XAF 100M
For serious breaches of data protection requirements
Processing Violations
Up to XAF 50M
For unauthorized processing of personal data
Documentation Violations
Up to XAF 25M
For failure to maintain required documentation

Example Cases

Telecom Provider
XAF 75M
2023 - Unauthorized data sharing with third parties
Financial Institution
XAF 45M
2022 - Insufficient security measures leading to data breach

Criminal Penalties

Serious violations may result in criminal prosecution.

Penalty Categories

Intentional Violations
Up to 10 years imprisonment
For deliberate violations of the law
Data Theft
Up to XAF 100M and imprisonment
For unauthorized access and theft of personal data
False Statements
Up to XAF 50M
For providing false information to authorities

Example Cases

Data Breach Case
XAF 80M + imprisonment
2023 - Intentional exposure of sensitive personal data
Compliance Violation
XAF 40M
2022 - Repeated non-compliance with authority orders