Tanzania’s Personal Data Protection Commission (PDPC) has given public and private institutions three months to comply with the country’s personal data protection law, warning that enforcement will begin immediately against those operating without authorization.
The directive follows government instructions issued by the Minister for Communication and Information Technology, Angellah Kairuki, on Jan. 8, according to PDPC Director General, Dr. Emmanuel Mkilia.
“All public and private institutions that collect and process personal data and have not yet completed registration with the PDPC have been granted three months, until March 8, to comply,” Dr. Mkilia said at a press briefing.
He stressed that the grace period does not suspend enforcement of the law, but serves as a final voluntary compliance window.
The commission said it will begin immediate enforcement actions against institutions that continue to collect and process personal data without authorization.
Inspections will focus on identifying entities that collect, store, process, or transfer personal data abroad in violation of legal requirements.
The PDPC also announced it will mark Privacy Week from Jan. 26 to 30, with the main event on Jan. 28, aimed at strengthening awareness of data protection and privacy rights.
As part of the initiative, the commission will conduct public education campaigns through the media and community outreach programs to inform citizens of their rights as data subjects and to promote accountability among data handlers.
“The commission remains committed to carrying out its duties with integrity, professionalism, and impartiality, to protect Tanzanians’ personal data and create a secure environment for digital services and technology use,” Dr. Mkilia said.