The Seychelles Data Protection Act is designed to align with global best practices in privacy laws and marks a crucial step towards establishing a robust framework for the responsible handling of personal data within Seychelles, promoting responsible flow of information by the private and public entities, and enhancing transparency and accountability in data handling practices.

Key features of the Data Protection Act (DPA):

Scope and Applicability

The DPA applies to individuals as well as public and private entities that collect, process, or store personal data in Seychelles. The DPA specifically excludes from its purview, the processing of personal data by relevant authorities in the course of a criminal investigation; matters that pertain to national security; and the processing of personal data by a natural person for a personal activity.

Data Protection Principles

Similar to the European Union’s General Data Protection Regulation (GDPR), the DPA requires the explicit consent of data subjects (i.e., individuals whose data is being collected, stored and processed) before collecting and processing their personal data. Controllers and/or processors have the duty to inform the data subject on the reasons for collecting their data, and ensuring data quality, security and confidentiality.

Data Subject Rights

The DPA empowers individuals with greater control over their personal information and data subjects now have the right to be informed, to access, rectify, and erase their data. Additionally, they have the right to restrict or object to the processing of their data and the right to demand compensation for any unlawful processing.

Obligations of Data Controllers/ Processors

The DPA obliges the data controllers/ processors to make publicly available the type of information in their custody, and to adopt a privacy policy that provides a detailed and accurate representation of the entity’s data processing and data transfer activities. Entities engaging in high-risk data processing activities are required to conduct Data Protection Impact Assessments. The DPA also mandates prompt reporting of data breaches to the Information Commission and affected individuals. Certain organisations, based on their size and nature of data processing, are obligated to appoint a Data Protection Officer under the DPA.

Cross-Border Data Transfers

The DPA incorporates measures to regulate the transfer of personal data outside Seychelles. Entities engaged in cross-border data transfers must adhere to specific safeguards and mechanisms to ensure the continued protection of personal information, aligning with international data protection standards.

Enforcement and Penalties

The Information Commission of the Seychelles has been designated as the competent authority to enforce and implement the DPA and empowered to conduct audits, investigations, impose penalties on entities that violate the DPA.

Transitional Provisions

All data controller or data processors have been provided with a transitional period of 18 months (from 22 December 2023) to ensure that their activities conform to the DPA.

As organisations adapt to these new regulations, public awareness and education regarding data protection rights and best practices would be key in empowering individuals with the knowledge needed to safeguard their own privacy and building a privacy-conscious society. The introduction of comprehensive data protection legislation in Seychelles reflects the government’s commitment to safeguarding the privacy of its citizens and security of personal information and positions Seychelles as a responsible participant in the global digital landscape.

Key Contacts
Share
X.com LinkedIn Email Save as PDF
More Publications
Appleby-Website-Regulatory-Practice
9 Sep 2024

Overview of Regulated Activities under the Virtual Asset Service Providers Act of Seychelles

As part of our commitment to keeping you informed about the evolving regulatory landscape surroundin...

Appleby-Website-Seychelles3
27 Aug 2024

Consultation Concludes: The Future of Seychelles Virtual Assets Now in Focus

We are pleased to bring you an important update regarding the evolving regulatory landscape for virt...

Appleby-Website-Seychelles3
16 Jul 2024

Embracing the Future: Seychelles Introduces the Virtual Asset Service Providers Bill, 2024

In an age where digital assets are becoming increasingly integral to global finance, Seychelles is t...

SEY
25 Apr 2024

The Seychelles: enhancing the proposed framework for virtual asset service providers

With the increasing prominence of cryptocurrency trading platforms in regulatory-friendly jurisdicti...

The Global Website header
9 Apr 2024

The Global – your offshore corporate law questions answered: April 2024

The Global is a quarterly collection of corporate expert insights and analysis across Appleby's glob...

Corporate
30 Aug 2023

Seychelles Business Tax on Multi-National Enterprises

Seychelles has recently undertaken a slew of amendments in order to keep up with the evolving and co...

Private Client Trusts
27 Sep 2022

Similar but Different

While the basic features of the trust remain, there are some notable differences in how trusts can b...

Mergers and Acquisitions (M&A)
12 Mar 2021

Material adverse change clauses in light of the Covid-19 pandemic

Experts from each of our key global offices provide jurisdiction specific advice and answer question...