The extra-territorial reach of GDPR means that in practice, many businesses operating internationally will need to adopt European data privacy standards, which are likely to become the default global standards.

In particular, the GDPR introduces new rights in terms of privacy rights, new obligations such as consent requirements, data breach notification, appointment of data processors and new processes. The GDPR is intended to provide much greater harmonisation and protection within the EU in respect of data privacy and security issues, allowing discretion to the States to implement the basic protection and safeguards of the GDPR into their national legislation.

GDPR incorporated into national legislation – The Data Protection Act 2017

In view of the major changes brought by the GDPR, with an extra-territorial reach, the data protection laws in Mauritius were amended to be in line with the GDPR, by virtue of the Data Protection Act 2017 (DPA), effective on the 15th January 2018.

The objective of the DPA was guided by the founding principle enshrined in the GDPR, being the protection and safeguard of privacy rights of individuals insofar as the processing and storage of personal data is concerned. The novel provisions of the DPA ensure lawfulness, fairness and transparency such that individuals are well informed and afforded protection for the confidentiality of their personal data in order to reduce the growing risks of data leaks in an age of ‘e-society’. The threshold requirements for obtaining free and unambiguous consent of individuals, who can withdraw the said consent at any time, reinforce an individual’s privacy rights to prevent any uninformed use of personal data, be it by mere inadvertence.

The major overhaul brought by the DPA is in the form of:

(i) Simplified and structured registration and renewal process of data controllers and processors;

(ii) Implementing a complaints’ mechanism;

(iii) Lawful processing of personal data;

(iv) Consent requirements of data subjects in order to process data;

(v) Extensive rights afforded to data subjects in terms of consent, rights of access, automated individual decision making, right to object to processing of personal data, rectification of incomplete or inaccurate data;

(vi) Safeguards imposed for the transfer of personal data outside the jurisdiction of Mauritius in terms of notification requirements to the Commissioner, limited and selective data transfer in view of specified purpose;

(vii) Improved digital legal landscape to respond to GDPR requirements for adequacy;

(viii) Minimised risk of data breaches and notification requirements of any data breach;

(ix) Wider interpretation of ‘data’ to include biometric and genetic data;

(x) Security of data processing by way of encryption and pseudonymisation of personal data;

(xi) Data Protection Impact Assessment in order to identify and mitigate the data protection risks;

(xii) Offences and penalties imposed for non- compliance with the DPA.

Conclusion

As a major financial hub and attractive offshore jurisdiction for investors, Mauritius was bound to incorporate the GDPR into its domestic laws, the more so to reaffirm its continued commitment in extending the fundamental right of freedom to privacy rights, already enshrined in its Constitution.

Locations

Mauritius

Services

Dispute Resolution

Sectors

Privacy & Data Protection

Type

Insight

Share
Twitter LinkedIn Email Save as PDF
More Publications
12 Apr 2024

Maximising Efficiency in Fund Termination Through Liquidating Trusts in Mauritius

When it comes to terminating a fund licensed under the laws of Mauritius (Company), one of the key r...

Malcolm Moller
Karishma Beegoo
Malcolm Moller, Karishma Beegoo
4 Apr 2024

Smile - you are on (secret) camera

This article discusses the recent approach of the Cour de Cassation in France on rules of evidence i...

Yahia Nazroo
Nivedita Patten
Fatema Mohidinkhan
Yahia Nazroo, Nivedita Patten, Fatema Mohidinkhan
19 Feb 2024

Disciplinary Committees and the requirement of fairness and impartiality

Every company should ensure that it has established in its internal policies and procedures, a fair ...

Yahia Nazroo
Fatema Mohidinkhan
Dylan Mannikum
Yahia Nazroo, Fatema Mohidinkhan, Dylan Mannikum
17 Jan 2024

Derivative Action: A shareholder’s remedy to protect the interests of the Company

Generally, when there is a wrongdoing committed against a company, it is the company itself which ac...

Yahia Nazroo
Fatema Mohidinkhan
Yahia Nazroo, Fatema Mohidinkhan
15 Sep 2023

Appleby Mauritius Newsletter 2023

Appleby Mauritius Newsletter

Malcolm Moller
Sharmilla Bhima
Ashley Oogorah
Suhaylah Juman
Vaishali Damonaiko
Malcolm Moller, Sharmilla Bhima, Ashley Oogorah, Suhaylah Juman, Vaishali Damonaiko
15 Sep 2023

The Financial Services Commission issues the Financial Services (Global Shared Services) Rules 2022

On the 20th December 2022, the FSC issued the Financial Services (Global Shared Services) Rules 2022...

Ashley Oogorah
Ashley Oogorah
15 Sep 2023

Employer's perspective: What to expect in a settlement agreement?

What is a ‘Settlement Agreement’? One of the innovations of the Workers’ Rights Act (‘Act...

Vaishali Damonaiko
Suhaylah Juman
Vaishali Damonaiko, Suhaylah Juman
13 Mar 2023

New rules to boost the regulatory framework of Mauritius International Financial Centre

The Financial Services Commission introduces new rules in support of the new business activity of sh...

Yahia Nazroo
Dylan Mannikum
Yahia Nazroo, Dylan Mannikum
20 Dec 2022

Non-Fungible Tokens: Guidance notes issued in Mauritius

The Financial Services Commission (FSC) continues to propel its Fintech sector with a view to streng...

Malcolm Moller
Farzanah Nawool
Suhaylah Juman
Malcolm Moller, Farzanah Nawool, Suhaylah Juman
18 Nov 2022

Appleby Mauritius Newsletter, Nov 2022

There have been interesting developments in our legal landscape since our last issue with the Govern...

Malcolm Moller, Sharmilla Bhima, Manisha Lallah, Suhaylah Juman, Zahrah Juman