Regional Guidance

Region-specific Cybersecurity Guidance

Collected here are the privacy laws and data security laws of different countries and regions.

Africa

• Algeria
• Angola - Lei No. 22/11 da Protecção de Dados Pessoais de 17 de Junho (Original in Portuguese)
• Benin - Loi n°2009-09 du 22 mai 2009 portant organisation de la protection des données à caractère personnel (Original in French)
• Botswana
• Burkina Faso - Loi n° 010-2004/AN Portant Protection des Données à Caractère Personnel (Original in French)
• Burundi
• Cabo Verde - Lei n° 133/V/2001 of 22 January 2001 (Original in Portuguese)
• Cameroon
• Central African Republic
• Chad - Law 007/PR/2015 on the Protection of Personal Data
• Comoros
• Congo, Democratic Republic of the Congo
• Congo, Republic of the Congo
• Côte d’Ivoire - Loi n° 2013-450 du 19 juin 2013 relative à la protection des données à caractère personnel (Original in French)
• Djibouti
• eSwatini (formerly Swaziland) - Data Protection Bill
• Egypt
• Equatorial Guinea - Law 1/2016 (Data protection law)
• Eritrea
• Ethiopia
• Gabon - Loi n°001/2011 relative à la protection des données à caractère personnel (Original in French)
• The Gambia - Information and Communications Act No. 2 of 2009 (Original in English)
• Ghana - Data Protection Act (Act No. 843) 2012 - DPA (Original in English)
• Guinea
• Guinea-Bissau
• Kenya - Data Protection Bill 2012 (Original in English)
• Lesotho - Data Protection Act 2012
• Liberia
• Libya
• Madagascar - Loi No. 2014-38 (Original in French)
• Malawi - Electronic Transactions and Cybersecurity Act 2016
• Mali - Loi n° 2013-015 du 21 mai 2013 (Original in French)
• Mauritania
• Mauritius - Data Protection Act 2004 (Original in English)
• Morocco - Law No. 09-08/2009 on the protection of people toward data protection of a personal nature
• Mozambique
• Namibia
• Niger - Projet de loi sur la protection des données à caractère personnel
• Nigeria - Data Protection Bill 2011
• Rwanda
• Sao Tome and Principe - Data Protection Law 2016
• Senegal - Loi n° 2008-12 du 25 janvier 2008 sur la protection des données à caractère personnel (Original in French)
• Seychelles - Data Protection Act 2003 (Original in English)
• Sierra Leone
• Somalia
• South Africa - Protection of Personal Information Act 4 of 2013
• Sudan
• Sudan, South
• Tanzania, United Republic of - Data Protection Bill 2013
• Togo
• Tunisia - Law 63/2004 (Original in French)
• Uganda - The Data Protection and Privacy Bill, 2015 (Original in English)
• Zambia - The Electronic Communications and Transactions Act, Act Number 21 of 2009 - the Electronic Communications Act (Original in English)
• Zimbabwe - Draft Data Protection Bill 2016

Americas

• Antigua and Barbuda
  • Data Protection Act 2013 (Original in English)
  • Antigua and Barbuda Constitutional Order 1981 (Original in English)
• Argentina - Ley 25.326 de Protección de los Datos Personales (Original in Spanish)
• Bahamas - Data Protection (Privacy of Personal Information) Act 2003 (Original in English)
• Barbados
  • Data Protection Bill 2005 (Original in English)
  • The Constitution of Barbados
  • Electronic Transactions Act, 2001 (Original in English)
• Belize
• Bolivia, Plurinational State of - Ley general de Telecomunicaciones, Tecnologías de Información y Comunicación – Ley 167 de 08 agosto de 2011 (Original in Spanish)
• Brazil - Protection of Personal Data Bill 2011 (Original in Portuguese)
• Canada - Personal Information Protection and Electronic Documents Act (in English and French)
• Chile - Law 19.628 of 1999 (Original in Spanish)
• Colombia
  • Law 1266 of 2008- Habeas Data Act (in English*)
  • Ley Estatutaria 1266 de 2008 - Habeas Data Act (Original in Spanish)
  • Law No. 1581 of 2012 (in English*)
• Costa Rica
  • Ley de Protección de la Persona frente al tratamiento de sus datos personales, Nº 8968 (Original in Spanish)
  • Political Constitution of the Republic of Costa Rica, consolidated version to October 5, 2005 (Original in English)
• Cuba
• Dominica - Privacy and Data Protection Bill 2007
• Dominican Republic - Ley No. 172-13, sobre Protección de Datos de Carácter Personal del 13 de diciembre de 2013 (Original in Spanish)
• Ecuador - Protection of Privacy and Personal Data Bill 2016
• El Salvador
  • Ley de Comercio Electronico y Comunicaciones
  • Constitution of the Republic of El Salavador, 1983, as Amended to 2003, article 2 (Original in English)
  • Decree No. 695, Official Journal No. 141. Last modified April 20, 2012
  • Customs Simplification Act
• Grenada
• Guatemala
• Guyana
• Haiti
• Honduras - Anteproyecto de Ley de Protección de Datos Personales y Acción de Hábeas Data de Honduras (Original in Spanish)
• Jamaica
  • Data Protection Bill 2012
  • The Constitution of Jamaica (Original in English)
  • Electronic Transactions Act No 15 of 2006 (Original in English)
  • Trade Act 1955 (Original in English)
• Mexico - Ley Federal de Protección de Datos Personales en Posesión de los Particulares 2010 (Original in Spanish)
• Nicaragua - Ley No. 787 Ley de Protección de Datos Personales (Original in Spanish)
• Panama - Personal Data Protection Bill 2016
• Paraguay
  • Ley 4868/2013 de Comercio Electrónico
  • Ley 1682/2001 Reglamenta la Informacion de Caracter Privado (Original in Spanish)
• Peru - Ley N° 29733 - Ley de Protección de Datos Personales (Original in Spanish)
• Saint Kitts and Nevis - Privacy and Data Protection Bill 2012
• Saint Lucia
  • Data Protection Act 2011 (Original in English)
  • Constitution of Saint Lucia
• Saint Vincent and the Grenadines - Privacy Act 2003
• Suriname - The Constitution of the Republic of Suriname, Article 17 (Original in English)
• Trinidad and Tobago
  • Data Protection Act 2011 (Original in English)
  • The Constitution of the Republic of Trinidad and Tobago (Original in English)
• United States
  • Privacy Act of 1974 (Original in English)
  • United States (California) - California Consumer Privacy Act of 2018 (Assembly Bill 375) (CCPA)
• Uruguay - La Ley 18331 Protección de Datos Personales y Acción de Habeas Data"del 11 agosto del año 2008 y el Decreto reglamentario 414/2009 (Original in Spanish)
• Venezuela

Asia

• Afghanistan
• Armenia - Law of the Republic of Armenia on the Protection of Personal Data (Original in English)
• Azerbaijan - Law on Personal Data 2010 (Original in Azerbaijani)
• Bahrain
• Bangladesh
• Bhutan - Bhutan Information Communications and Media Act 2006 (Original in English)
• Brunei
• Cambodia
• China - The Decision of the Standing Committee of the National People's Congress on Strengthening the Network Information Protection (2012)
• East Timor
• Egypt
• Georgia - Law of Georgia on Personal Data Protection (Original in English)
• India - Personal Data Protection Bill of 2019 (PDPB), Information Technology Act 2000 (Original in English)
• Indonesia - Law of the Republic of Indonesia Number 11 of 2008 Concerning Electronic Information and Transactions (in Bahasa Indonesia and English)
• Iran - Law on Electronic Commerce (Original in English), Law 71063 on Computer Crimes (in Persian)
• Iraq - Draft Data Protection and Privacy Law
• Israel
  • Protection of Privacy Regulations (Data Security) 5777-2017 (Unofficial English translation. Original in Hebrew.)
  • Protection of Privacy Law, 5741-1981 (Unofficial English translation. Original in Hebrew.)
  • Protection of Privacy (Transfer of Data Abroad) Regulations (Unofficial English translation. Original in Hebrew.)
  • Privacy Protection Regulations (Terms of Holding Data and Its Maintenance and Procedures for Transfer of Data between Public Entities), 5746 – 1986 (Original in Hebrew.)
• Japan - Act on the Protection of Personal Information
• Jordan - Data Protection Bill
• Kazakhstan - Law on personal data and their protection, 21 May 2013 (in Russian)
• Kuwait - Law No. 20 of 2014 (Original in English)
• Kyrgyzstan - Law on Personal Data 2008 (in English*)
• Laos
• Lebanon
• Malaysia - Personal Data Protection Act 2010 (Original in English)
• Maldives
• Mongolia
• Myanmar
• Nepal - Right to Information Act, 2064 (2007) (Original in English)
• North Korea
• Oman - Royal Decree no. 69 of 2008 - Electronic Transactions Law (Original in English)
• Pakistan - Electronic Data Protection Act 2005 - Draft (Original in English)
• Palestine
• Papua New Guinea
• Philippines - Data Privacy Act of 2012 (Original in English)
• Qatar - Law No. 13 of 2016 Concerning Privacy and Protection of Personal Data
• Russian Federation - Federal Law Regarding Personal Data 2006 (Original in English)
• Saudi Arabia
• Singapore - Personal Data Protection Act 2012 (Original in English)
• South Korea - Personal Information Protection Act (PIPA)
• Sri Lanka
• Syria
• Taiwan - 2015 Personal Data Protection Act (PDPA)
• Tajikistan - Law on Protection of Information (December 2, 2002, № 71)
• Thailand - Personal Data Protection Bill 2011
• Turkey - Data Protection Law 2016
• Turkmenistan
• United Arab Emirates - Dubai International Financial Centre (DIFC) Data Protection Law
• Uzbekistan
• Vietnam - Law on Protection of Consumers' Rights 2010 (Original in English)
• Yemen - Law of the Right of Access to Information 2012 (Original in English)

Europe (EU Member States)

European Union - General Data Protection Regulation (GDPR) applies to all EU Member States.

• Austria - Datenschutzgesetz 2000 (Original in German)
• Belgium - Law on Privacy Protection in relation to the Processing of Personal Data (in English*)
• Bulgaria - Law for Protection of Personal Data (Original in English)
• Croatia - Act on Personal Data Protection (Original in English)
• Cyprus - The Processing of Personal Data (Protection of the Individual) Law (Original in English)
• Czech Republic - Law on Personal Data Protection (Original in English)
• Denmark - Act on Processing of Personal Data (Original in English)
• Estonia - Data Protection Act (Original in English)
• Finland - Personal Data Act (in English*)
• France
  • Law relating to the protection of individuals against the processing of personal data (Original in English)
  • Loi 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés modifiée (Original in French)
• Germany - Federal Data Protection Act (Original in English)
• Greece - Law on the Protection of individuals with regard to the processing of personal data (Original in English)
• Hungary - Act on Informational Self-Determination and Freedom of Information (Original in English)
• Ireland - Data Protection Act, 1988 (Original in English)
• Italy - Decreto Legislativo 30 giugno 2003, n. 196 - Codice in materia di protezione dei dati personali (Original in Italian)
• Latvia - Law on Protection of Personal Data of Natural Persons (Original in English)
• Lithuania - Law on Legal Protection of Personal Data (Original in English)
• Luxembourg - Data Protection Law (Original in English)
• Malta - Data Protection Act 2001 (Original in English)
• Netherlands - Personal Data Protection Act 1998 (in English*)
• Poland - Act on the Protection of Personal Data 1997 (Original in English)
• Portugal - Lei da proteçao de dados pessoais 1991 (Original in Portuguese)
• Romania - Law on the protection of individuals with regard to the processing of personal data etc (2001)
• Slovakia - Act on the Protection of Personal Data 1992 (Original in English)
• Slovenia - Personal Data Protection Act 1990 (Original in English)
• Spain - Organic Law 15/1999 on Personal Data Protection (Original in Spanish)
• Sweden - Personal Data Act 1998 (Original in English)

Europe (Non-EU States)

• Albania - Law No. 9887 on the Protection of Personal Data (Original in English)
• Andorra - Loi qualifiée 15/2003, du 18 décembre, sur la protection des données personnelles (Original in French and Catalan)
• Belarus - Law Of The Republic Of Belarus On Information, Informatization and Protection of information - Law no. 8517 (in English*)
• Bosnia and Herzegovina - Law on the Protection of Personal Data (Original in English)
• Iceland - Law on the Protection and Processing of Personal Data 1989 (Original in English)
• Liechtenstein - Gesetz über die Abänderung des Datenschutzgesetzes, 2002 (Original in German)
• Moldova, Republic of - Law on Personal Data Protection 2007 (in English*)
• Monaco - Act controlling personal data processing 1993 (Original in English)
• Montenegro - Law on Personal Data Protection 2008 (Original in English)
• North Macedonia, Republic of - Law on Personal Data Protection (in English*)
• Norway - Personal Data Act 2000 (Original in English)
• San Marino - Law regulating the Computerized Collection of Personal Data 1983
• Serbia - Law on Personal Data Protection 2008 (Original in English)
• Switzerland - Federal Act on Data Protection, 1992 (Original in English)
• Ukraine - Law on Personal Data Protection 2011 (Original in English)
• United Kingdom of Great Britain and Northern Ireland - Data Protection Act 1998 (Original in English)
• Vatican

Oceania

• Australia - Privacy Act 1988 (Original in English)
• Fiji - Information Act 2018 (Act No. 9 of 2018) (Original in English)
• Kiribati
• Marshall Islands
• Micronesia
• Nauru
• New Zealand - Privacy Act 1993 (Original in English)
• Palau
• Papua New Guinea
• Samoa
• Solomon Islands
• Tonga
• Tuvalu
• Vanuatu