The right to privacy is expressly provided in Sections 3 and 9 of the Constitution of Mauritius and Article 22 of the Mauritian Civil Code. In 2004, Mauritius enacted the Data Protection Act 2004, which provided for the protection of the privacy rights of individuals in view of the developments in the techniques used to capture, transmit, manipulate, record or store data relating to individuals.
Why the need for a new legislation on Data Protection?
The Data Protection Act 2004 no longer fitted Mauritius’ evolving digital context and was therefore repealed and replaced by the Data Protection Act 2017 (the “Act”) which came into force on the 15th of January 2018. The Act aims at strengthening the control and personal autonomy of data subjects over their personal data and for matters related thereto. It seeks to bring Mauritius data protection framework into line with international standards, namely the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). The GDPR intends to strengthen and unify data protection for all individuals within the European Union (EU) and addresses the export of personal data outside the EU. It provides for a harmonisation of the data protection regulations throughout the EU, therefore makes it easier for non-European companies to comply with these regulations.