As of 2025, 39 out of 55 African nations have enacted data protection laws, with 34 out of these having additionally established data protection authorities.
This is according to the 2025 Report on Data Protection in Africa by Yellow Card, a leading stable-coin infrastructure platform in Africa.
According to the study, countries with more developed digital ecosystems such as Kenya, Nigeria and South Africa, have a high demand for stronger data protection laws.
Furthermore, in 2024, Kenya and Nigeria led in data privacy enforcement, with their respective data protection authorities making notable efforts towards ensuring compliance.
![[UPDATE] MPESA super app](https://techtrendske.co.ke/wp-content/uploads/2023/07/MPESA-APP-DOWN-220x150.png)
“2024 witnessed notable strides in the field of data protection across Africa, marked by a surge in awareness, increased training initiatives, the establishment of new regulatory authorities and the introduction of proposed laws,” the report read in part.
“These developments reflected a growing recognition of the importance of safeguarding personal data and responding to the evolving challenges of the digital age.”
The report added that Botswana, Cameroon, Ethiopia and Malawi, have recently enacted new data protection laws, marking a significant stride towards improving data protection standards in these nations.
Additionally, Tanzania, Togo, the Democratic Republic of Congo (DRC), the Republic of Congo and Somalia, have established data protection authorities to oversee compliance and safeguard citizens’ personal information.
However, the study noted that gaps remain as several African countries, such as Djibouti and Eritrea, have yet to introduce formal data protection regulations.
“This lack of legislation leaves citizens vulnerable to data breaches and misuse as well as poses challenges for international businesses navigating different regulatory landscapes,” the survey read in part.
Yellow Card’s Group Data Protection and Privacy Counsel Thelma Okorie said awareness and the ability to protect data varies widely across African nations, depending on factors such as each country’s legal system, economic focus, and available resources.
“Despite the variables in different countries, data protection laws remain paramount in safeguarding individuals’ privacy, mitigating risks such as cybercrime and in promoting cross-border trade,” she said.
The survey reported that a key highlight of 2024 was the successful implementation of various data protection laws, which were accompanied by comprehensive regulations and guidelines aimed at providing clarity and consistency in enforcement.
These legal frameworks, the study said, were essential in promoting robust data protection practices and ensuring compliance across diverse sectors.
“Many African countries took significant steps toward formalizing their data protection regimes, with several introducing or refining regulations to better address the needs of both individuals and organisations operating in an increasingly data-driven environment,” it said.
“The establishment of new data protection authorities in several countries further strengthened the enforcement landscape, providing a clear institutional framework for oversight and accountability.”
“These authorities played a crucial role in not only enforcing existing laws but also guiding organisations through the process of compliance and responding to emerging challenges in the data protection space.”
Overall, the combination of legislative progress, regulatory advancements, enhanced awareness, and collaborative initiatives represented a significant leap forward for data protection in Africa, laying a solid foundation for continued growth and refinement in the years to come.
As we look ahead to 2025, Africa’s data protection landscape is poised for continued evolution, with several key trends and developments expected to shape the continent’s regulatory and enforcement environment.
Below are some key predictions and outlooks for data protection across the continent as indicated in the report;
- Expansion of Data Protection Laws and Sector Specific Regulations
In 2025, there is an expected increase in the number of African countries enacting or updating their data protection laws.
These developments will contribute to the further strengthening of Africa’s legal framework for data protection, making it more robust, comprehensive, and aligned with international best practices.
“As more nations enact or update data protection laws, the continent as a whole will be better positioned to handle the complexities of data flows and privacy challenges in the digital age,” it said.
Additionally, there might be a growing trend of sector-specific data protection regulations emerging across Africa.
Sectors dealing with finance data, healthcare data, biometric data, and children’s personal information will likely see more stringent requirements to safeguard privacy, manage data breaches, and ensure compliance with national and international standards
- Increase in Enforcement Actions
The momentum for enforcement actions in data protection, the report said, is likely to continue to rise in 2025.
As the year progresses, it further anticipates other countries with functioning data protection authorities will also ramp up enforcement efforts.
This is likely to result in an increase in regulatory investigations, audits, and penalties for non-compliance.
As a result, organisations across the continent will need to place a stronger emphasis on compliance, capacity building, and data protection training.
“The expanded enforcement environment can be expected to foster a culture of accountability, creating greater awareness among businesses and consumers about the importance of data privacy,” the survey said.
“In turn, this should lead to higher levels of compliance with data protection laws and the adoption of privacy-friendly practices.”
- Strengthened Collaboration Among Data Protection Authorities
The study further said that one of the most promising developments for data protection in Africa is the potential for increased collaboration among data protection authorities (DPAs) across the continent.
“In 2025, we expect to see even more concerted efforts to harmonise data protection regulations, share best practices, and tackle cross-border data flow challenges,” it read in part.
The Network of African Data Protection Authorities (NADPA), an influential forum for collaboration among data protection regulators, is expected to continue to play a pivotal role in fostering communication and cooperation.
A key highlight of 2025 will be the next NADPA conference, which will be held in Nigeria in May .
“This event will serve as a crucial platform for regulators, policy makers, and stakeholders to discuss emerging trends, regulatory challenges, and the future of data protection in Africa,” it said.
- Re-evaluating Cross-Border Data Transfer Mechanisms
The issue of cross-border data transfers is likely expected to remain a hot topic in 2025. In recent years, countries like
Worth noting is that Kenya and Nigeria have initiated conversations with the U.S. Department of Commerce regarding the Cross Border Privacy Rules (CBPR) framework.
The CBPR, which is designed to ensure data privacy protection in cross- border transfers, may become an attractive mechanism for African nations seeking to facilitate smoother international data flows while ensuring privacy protections .
“Given the current limitations of existing data transfer provisions, which some argue are not business-friendly, the CBPR framework could offer a more viable alternative,” the report said.
“African countries will need to carefully evaluate whether to embrace CBPR as a legally acceptable mechanism for cross-border data transfers, balancing the need for international data exchange with the protection of citizens’ privacy rights.”
The increasing interest in frameworks like the CBPR reflects the broader trend of African countries seeking to modernise their data protection laws, making them more adaptable to the realities of a global digital economy.
- Focus on Children’s Online Safety
Children’s online safety is expected to be another area of growing importance in Africa in 2025.
Across the continent, there has been an increasing awareness of the need to protect children from online threats, including cyberbullying, exposure to inappropriate content, and the risk of exploitation.
Countries including Senegal have already issued warnings and guidelines on how children interact with online services, urging parents, educators, and service providers to prioritise child safety.
Similarly, Botswana, in its recent amendments to the Data Protection Act, has included provisions explicitly addressing children’s rights, reinforcing the need for special protections when handling the personal data of minors.
Globally, there has been a growing push to address the risks children face in the digital environment.
For instance, Australia has introduced a ban on social media use for children under 16 , a move that signals a shift towards more stringent protections for young people online.
In Africa, we expect more countries to follow suit, introducing new regulations and initiatives aimed at protecting children’s privacy and ensuring their safety online.
“This increased focus on children’s online safety can be expected to drive the development of specialised tools, policies, and guidelines for organisations, particularly social media platforms and digital service providers, to better safeguard young users,”the report said.
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke
