Law 2017-020
Law No. 2017-020 of July 22, 2017 on the Protection of Personal Data
Key Facts
Overview
Mauritania enacted Law 2017-020 in July 2017 to establish a comprehensive data protection framework. The law created the Autorite de Protection des Donnees a caractere Personnel (APD) as the supervisory authority. Mauritania holds a distinctive place in African data protection history as the 15th country to ratify the AU's Malabo Convention, which triggered the convention's entry into force continent-wide in June 2023.
What This Means for Your Website
If your website collects personal data from individuals in Mauritania, you must obtain opt-in consent before processing. Organizations must maintain detailed records of all processing activities and notify both the APD and affected individuals in the event of a data breach. Cross-border data transfers are restricted to countries with adequate protection levels. While enforcement capacity is still developing, compliance demonstrates respect for the legal framework.
Key Requirements
Consent is the primary legal basis for processing personal data. Data subjects have rights to information, access, correction, and deletion of their data. Breach notification must be sent to both the APD and affected individuals. Organizations are required to maintain detailed processing records. Cross-border transfers must meet adequacy requirements in the recipient country. Specific penalty amounts are not publicly detailed, but the law provides for monetary fines and operational restrictions.
How ConsentStack Handles This
ConsentStack geo-detects visitors from Mauritania and displays an opt-in consent banner before any non-essential data collection begins. Consent records are stored with full timestamps and preference details for audit purposes. The platform helps you maintain the processing documentation required by the law and supports breach notification workflows through its consent management infrastructure.
Penalties
Monetary fines and operational restrictions for non-compliance (specific amounts not publicly detailed)
Key Requirements
- Consent required for personal data processing
- Data subjects have rights to information, access, correction, and deletion
- Organizations must notify APD and affected individuals of data breaches
- Detailed processing records must be maintained
- Cross-border transfers subject to adequacy requirements
- Data security measures mandatory
Notable Provisions
- Mauritania's ratification was the 15th, triggering the Malabo Convention's entry into force
- APD established as supervisory authority but enforcement capacity remains limited
- Breach notification required to both the authority and affected individuals
Other Sub-Saharan Africa Regulations
Frequently Asked Questions
Does Mauritania require cookie consent?
Mauritania's Law 2017-020 does not specifically address cookies, but personal data collected through any tracking technology requires opt-in consent under the general data processing provisions.
What are the penalties for data protection violations in Mauritania?
The law provides for monetary fines and operational restrictions, though specific penalty amounts are not publicly detailed. Enforcement capacity through the APD is still developing.
Who enforces data protection in Mauritania?
The Autorite de Protection des Donnees a caractere Personnel (APD) is the designated supervisory authority responsible for overseeing data protection compliance in Mauritania.
Why is Mauritania significant for African data protection?
Mauritania was the 15th country to ratify the AU's Malabo Convention on Cyber Security and Personal Data Protection, triggering the convention's entry into force across the African Union in June 2023.
Stay compliant with Law 2017-020
ConsentStack helps you implement Opt-in consent for Islamic Republic of Mauritania automatically.