Privacy Regulations in Gambia

The first binding sub-regional data protection framework in Africa, strongly influenced by the EU Data Protection Directive. Requires member states to enact national laws and establish supervisory authorities. About two-thirds have enacted implementing legislation. Currently being revised to align with modern standards.

Continental framework treaty bundling data protection, cybercrime, cybersecurity, and e-commerce. Does not directly regulate websites but sets minimum standards for national laws. Took 9 years to reach the 15-ratification threshold. South Africa notably has not ratified.

The Gambia's first comprehensive data protection law is notable for its GDPR-style 4% global turnover penalty and departure from the typical African requirement of prior registration before processing. The law criminalizes selling personal data with up to 10 years imprisonment and requires 72-hour breach notification to the Information Commission.