The extra-territorial reach of GDPR means that in practice, many businesses operating internationally will need to adopt European data privacy standards, which are likely to become the default global standards.

In particular, the GDPR introduces new rights in terms of privacy rights, new obligations such as consent requirements, data breach notification, appointment of data processors and new processes. The GDPR is intended to provide much greater harmonisation and protection within the EU in respect of data privacy and security issues, allowing discretion to the States to implement the basic protection and safeguards of the GDPR into their national legislation.

GDPR incorporated into national legislation – The Data Protection Act 2017

In view of the major changes brought by the GDPR, with an extra-territorial reach, the data protection laws in Mauritius were amended to be in line with the GDPR, by virtue of the Data Protection Act 2017 (DPA), effective on the 15th January 2018.

The objective of the DPA was guided by the founding principle enshrined in the GDPR, being the protection and safeguard of privacy rights of individuals insofar as the processing and storage of personal data is concerned. The novel provisions of the DPA ensure lawfulness, fairness and transparency such that individuals are well informed and afforded protection for the confidentiality of their personal data in order to reduce the growing risks of data leaks in an age of ‘e-society’. The threshold requirements for obtaining free and unambiguous consent of individuals, who can withdraw the said consent at any time, reinforce an individual’s privacy rights to prevent any uninformed use of personal data, be it by mere inadvertence.

The major overhaul brought by the DPA is in the form of:

(i) Simplified and structured registration and renewal process of data controllers and processors;

(ii) Implementing a complaints’ mechanism;

(iii) Lawful processing of personal data;

(iv) Consent requirements of data subjects in order to process data;

(v) Extensive rights afforded to data subjects in terms of consent, rights of access, automated individual decision making, right to object to processing of personal data, rectification of incomplete or inaccurate data;

(vi) Safeguards imposed for the transfer of personal data outside the jurisdiction of Mauritius in terms of notification requirements to the Commissioner, limited and selective data transfer in view of specified purpose;

(vii) Improved digital legal landscape to respond to GDPR requirements for adequacy;

(viii) Minimised risk of data breaches and notification requirements of any data breach;

(ix) Wider interpretation of ‘data’ to include biometric and genetic data;

(x) Security of data processing by way of encryption and pseudonymisation of personal data;

(xi) Data Protection Impact Assessment in order to identify and mitigate the data protection risks;

(xii) Offences and penalties imposed for non- compliance with the DPA.

Conclusion

As a major financial hub and attractive offshore jurisdiction for investors, Mauritius was bound to incorporate the GDPR into its domestic laws, the more so to reaffirm its continued commitment in extending the fundamental right of freedom to privacy rights, already enshrined in its Constitution.

Share
Twitter LinkedIn Email Save as PDF
More Publications
18 Nov 2022

APPLEBY MAURITIUS NEWSLETTER, NOVEMBER 2022

There have been interesting developments in our legal landscape since our last issue with the Govern...

17 Nov 2022

Mauritius Case-Law Summary November 2022

This is a summary of recent cases likely to influence the practice of global business in Mauritius.

17 Nov 2022

The Statutory Requirement for a Debenture Holders’ Representative in Mauritius

A debenture is essentially a debt instrument which is traditionally not supported by any collateral ...

Contributors: Abdal Aumeer
17 Nov 2022

Banker's duty of confidentiality

A bank’s duty of confidentiality to its customers, as well as the obligation on banking institutio...

Contributors: Zahrah Juman
27 Sep 2022

Similar but Different

While the basic features of the trust remain, there are some notable differences in how trusts can b...

9 Sep 2022

Attachment Orders – A useful debt enforcement tool for creditors

One of the unsettling questions that lingers in the minds of creditors is how to secure or recover t...

25 Jul 2022

APPLEBY MAURITIUS NEWSLETTER, JULY 2022

There have been interesting developments in our legal landscape since our last issue with the Govern...

22 Jul 2022

Digital Banking - Being future ready

One of the positive aspects of digitalisation is the opportunity which it has offered for financial ...

21 Jul 2022

Concurrence Déloyale

This article reviews the approach which the Mauritian Supreme Court adopts on the concept of “Conc...

21 Jul 2022

Case Summaries

The Supreme Court had to address a preliminary objection raised by co-respondents Nos. 1, 2 and 3 on...