The extra-territorial reach of GDPR means that in practice, many businesses operating internationally will need to adopt European data privacy standards, which are likely to become the default global standards.

In particular, the GDPR introduces new rights in terms of privacy rights, new obligations such as consent requirements, data breach notification, appointment of data processors and new processes. The GDPR is intended to provide much greater harmonisation and protection within the EU in respect of data privacy and security issues, allowing discretion to the States to implement the basic protection and safeguards of the GDPR into their national legislation.

GDPR incorporated into national legislation – The Data Protection Act 2017

In view of the major changes brought by the GDPR, with an extra-territorial reach, the data protection laws in Mauritius were amended to be in line with the GDPR, by virtue of the Data Protection Act 2017 (DPA), effective on the 15th January 2018.

The objective of the DPA was guided by the founding principle enshrined in the GDPR, being the protection and safeguard of privacy rights of individuals insofar as the processing and storage of personal data is concerned. The novel provisions of the DPA ensure lawfulness, fairness and transparency such that individuals are well informed and afforded protection for the confidentiality of their personal data in order to reduce the growing risks of data leaks in an age of ‘e-society’. The threshold requirements for obtaining free and unambiguous consent of individuals, who can withdraw the said consent at any time, reinforce an individual’s privacy rights to prevent any uninformed use of personal data, be it by mere inadvertence.

The major overhaul brought by the DPA is in the form of:

(i) Simplified and structured registration and renewal process of data controllers and processors;

(ii) Implementing a complaints’ mechanism;

(iii) Lawful processing of personal data;

(iv) Consent requirements of data subjects in order to process data;

(v) Extensive rights afforded to data subjects in terms of consent, rights of access, automated individual decision making, right to object to processing of personal data, rectification of incomplete or inaccurate data;

(vi) Safeguards imposed for the transfer of personal data outside the jurisdiction of Mauritius in terms of notification requirements to the Commissioner, limited and selective data transfer in view of specified purpose;

(vii) Improved digital legal landscape to respond to GDPR requirements for adequacy;

(viii) Minimised risk of data breaches and notification requirements of any data breach;

(ix) Wider interpretation of ‘data’ to include biometric and genetic data;

(x) Security of data processing by way of encryption and pseudonymisation of personal data;

(xi) Data Protection Impact Assessment in order to identify and mitigate the data protection risks;

(xii) Offences and penalties imposed for non- compliance with the DPA.

Conclusion

As a major financial hub and attractive offshore jurisdiction for investors, Mauritius was bound to incorporate the GDPR into its domestic laws, the more so to reaffirm its continued commitment in extending the fundamental right of freedom to privacy rights, already enshrined in its Constitution.

Share
Twitter LinkedIn Email Save as PDF
More Publications
16 Aug 2019 |

Enforcement of Arbitral Awards

Before embarking into the enforcement of arbitral awards, it is important to distinguish between a d...

16 Aug 2019 |

Amalgamation and migration under Mauritius Law

At a time when emerging technologies such as blockchain, cryptocurrency and FinTech dominate the off...

16 Aug 2019 |

Mauritius to embrace Blockchain Technology

The adoption of blockchain will represent a total shift from the traditional business dealings in Ma...

16 Aug 2019 |

Mauritius Case-Law Summary

This is a summary of recent cases likely to influence the practice of global business in Mauritius.

16 Aug 2019 |

Restrictions on giving financial assistance

Financial assistance refers to the assistance given by a company, whether directors or indirectly, f...

Contributors: Farzanah Nawool
16 Aug 2019 |

Mauritius case summary: State Trading Corporation v Betamax Ltd

This case summary brings a new dimension to the approach of the highest court of the land on interna...

Contributors: Yahia Nazroo, Zahrah Juman
16 Aug 2019 |

The Lenders’ Choice: a pledge or a charge

A fundamental question that arises during secured debt financing transactions is which type of secur...

16 Aug 2019 |

Must we separate the roles of Chairman and CEO?

The role of the chairman is critical to good governance and to effective performance but the law doe...

19 Jul 2019 |

Mauritius Regulatory Update

This is the first in a series of of Mauritius Regulatory Alerts in which we bring you an overview of...

26 Jun 2019 |

Regulatory Headwinds

Faced with increased scrutiny from regulators on both global and jurisdictional levels, businesses m...

Contributors: David Dorgan