Governments around the world are actively working to protect data. Vietnam issued a new draft of the Law on Data–state interests are the focal point. Nigeria published guidelines for Data Protection Act compliance to provide businesses with practical checklists. Ivory Coast presented the National Data Governance Strategy. Kenyan Data Commissioner ramps up its activity!

Vietnam published a new draft of data protection legislation, the Law on Data. The final version should be provided to the National Assembly at the 9th session in May 2025. Currently, data protection in Vietnam is regulated by Decree No. 13/2023/ND-CP on personal data protection. Upcoming the Law on Data is expected to establish a complex legal framework for ensuring data security and set a list of demands for businesses regarding handling personal data. The law should take effect in July 2025.

Key points of the Law on Data:

• Data must be collected openly and for a specific purpose. Only necessary data should be collected. Data should be stored only as long as needed.
• International Data Transfers. The Vietnamese government must be notified before transferring important and core data abroad. Data copies must be stored in Vietnam.
• Data subjects have to be informed about data collection. Consent must be documented.
• Data trading is strictly prohibited.
• Violators of the Law on Data can be fined 1-5% of annual revenue. In case of serious violations, criminal liability could be applied.

The law is expected to come into full effect in January 2026. The regulation is part of a wider government initiative to create a digital government through the National Digital Transformation Program and Project 06. Among other things, this list of legislative frameworks and measures being developed includes:

• The Law on Digital Technology Industry.
• The Law on Science, Technology, and Innovation
• Decree on implementation of the Law on E-Transactions
• Establishment of national government data bodies

Vietnamese companies and organizations should pay attention to the upcoming changes. It’s highly likely that the new law will be signed in May. Compliance with the requirements will ensure the safety of confidential and sensitive data used by different organizations and companies, while violation of legislative demands could lead to significant fines and enforcement notices.

Active work in the field of data protection regulations continues in Africa. Let’s have a brief round-up of the latest governmental initiatives across the African continent in the field of data protection. The national AI strategy and the National Data Governance Strategy were presented to the Prime Minister in Ivory Coast. Both texts are meant to be included in the National Development Plan 2026-2030. The government aims to make Ivory Coast a leading country in digital governance.

The Nigerian Data Protection Commission officially issued the Nigeria Data Protection Act–General Application and Implementation Directive (NDP Act GAID) to assist individuals and organizations to comply with the Nigeria Data Protection Act (NDP Act). The NDP Act GAID provides practical guidelines for the implementation of the NDP Act demands. The Data Commissioner emphasized the importance of the new document because regulatory complexity was one of the top three obstacles that prevented full compliance among Nigerian companies, according to the Nigeria Data Protection Commission Annual Report 2024.

The official representative highlighted that the NDP Act GAID addresses technical and organizational measures related to data protection principles, the legal basis for data processing, compliance audits with the NDP Act, and the rights of data subjects.

Kenya also took a proactive stance in data protection. The Office of the Data Protection Commissioner (PDPC-Kenya) and the Kenya Bankers Association organized a roundtable on the topic of data protection in the Kenyan financial sector. Cooperation with the private sector is a natural response to growing concerns about data privacy and compliance in the banking sector.

The PDPC-Kenya is actively enforcing compliance with regulations. Since January 2025, the Commissioner has issued 215 determinations regarding violations of data subject rights. Penalties have been imposed on 10 entities, 103 compensations have been issued, and 39 cases have been resolved through Alternative Dispute Resolution. One case was mentioned in our previous report: Fingrow Capital Ltd. was fined 200,000 KES for the disclosure of confidential personal and financial data to third parties without consent.

At the same time, the Kenyan Commissioner is actively conducting data rights awareness campaigns. On March 18th, Immaculate Kassait, the first Data Commissioner of Kenya, encouraged citizens to pay attention to their rights. The official said, "Report any misuse of your personal information. It's your right, and it's also your shield." Awareness programs are scheduled to take place across Nigeria as the Office of the Data Protection Commissioner continues to empower citizens with knowledge about their personal data rights.

Data is vital in the modern world. Data commissioners and governments are actively working to form a legal framework for data protection. Stakes are incredibly high. Exposure of confidential data can severely affect the business, as well as endanger individuals. Managed Security Services for data protection and internal threat mitigation provides reliable and state-of-the-art information security for organizations of all sizes. Without the need for the costs associated with purchasing expensive software licenses, hardware, and hiring experienced IT specialists, the client receives 360-degree information security coverage, as well as assistance in ensuring compliance with regulatory requirements. Start your free 30-day trial now and conduct a security audit in your organization today.