Data Protection Framework in Mauritius
The data protection framework in Mauritius aims to reinforce the efficient and growing ICT sector by securing the ITES-BPO pillar. The country recognizes the importance of internationally securing the BPO sector, making data protection a key investment pillar. The Data Protection Law enshrines privacy rights in the Constitution, with the Data Protection Office working towards a society where data protection is understood and practiced by all, emphasizing the sanctity of privacy in modern democracy.
Presentation Transcript
Presented by Mrs Drudeisha Madhub (Data Protection Commissioner). Email: pmo-dpo@mail.gov.mu Tel: +230 201 36 04 Helpdesk: +230 203 90 76 Fax: +230 201 39 76 Website: http://dataprotection.gov.mu Address: 4th Floor, Emmanuel Anquetil Building, Port Louis
The ICT Sector in Mauritius: ICT Sector as the 3rd pillar of the Mauritius economy. Aim is to make the ICT sector the first pillar. Reinforces the importance of the country to have an efficient and internationally recognised data protection framework for securing the right investment with a growing ITES-BPO sector.
Data Protection Law: Right to privacy is expressed in sections 3 and 9 of the Constitution and article 22 of the Civil Code. Hence, the Data Protection Act (DPA) was enacted in 2004 and proclaimed in 2009. DPA provides the legal framework to ensure that personal information is handled properly.
Data Protection Office Vision: A society where Data Protection is understood and practiced by all. The right to privacy and data protection is primordial to the sanctity of any modern democracy. The adoption of clear procedures for the collection and use of personal data in a responsible, secure, fair and lawful manner, by all data controllers and data processors.
Role of the Data Protection Office: a) Ensure compliance with the Data Protection Act and its regulations; b) Issue or approve codes of practice/guidelines for the purposes of this Act; c) Create and maintain a register of all data controllers and data processors;
Role of the Data Protection Office: d) Exercise control on all data processing activities; e) Promote self-regulation among data controllers and data processors; f) Investigate any complaint or information which gives rise to a suspicion that an offence under this Act may have been, is being or is about to be committed; g) Bring to the knowledge of the general public the provisions of this Act;
Role of the Data Protection Office: h) Undertake research into, and monitor developments in, data processing; i) Examine any proposal for data matching or data linkage that may involve an interference with, or may otherwise have adverse effects on the privacy of individuals; j) Co-operate with supervisory authorities of other countries, to the extent necessary for the performance of its duties;
Role of the Data Protection Office: k) Carry out periodical security checks and compliance audits.
Steps being taken by Mauritius Government for an improved regulatory framework: Consideration for the signing and/or ratification of the European Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108). Currently, being analysed.
Steps being taken by Mauritius Government for an improved regulatory framework: To achieve adequacy with the European Union. An EU consultant was appointed by the European Commission to identify the deficiencies in the DPA through the CRID report. A second EU consultant was appointed by the European Delegation in Mauritius on the amendments to be brought to the DPA. A draft amendment bill has been finalised.
Steps being taken by Mauritius Government for an improved regulatory framework: Inclusion of data protection in the draft e-government strategy. Formulate and Implement Data Sharing Policy. Extract below: G4: Formulate and Implement Data Sharing Policy. G5: Set up Government Service Platform and sharing of citizens data with Government Agencies. Government holds huge quantities of data on citizens, businesses and land which will benefit from being organized centrally and shared among Government Agencies. As an example, citizen data will be captured once at the Civil Status Division and shared among Government systems. The sharing of data will be governed by a policy that ensures compliance with Data Protection Act and appropriate IT security requirements. One of the instruments of the Policy is the Government Service Platform that will specifically address sharing of citizen data.
Steps being taken by the DPO for an improved regulatory framework: Participation in Projects. The Data Protection Commissioner has submitted her views on the enactment of a Child Online Safety Bill, enactment of an anti-spam legislation, introduction of cryptographic laws in Mauritius and the Mauritius National Identity Card (MNIC), amongst many others.
Steps being taken by the DPO for an improved regulatory framework: Co-operation with other countries. The Data Protection Commissioner is a member of the Francophone Association of Data Protection Authorities (AFAPDP) and is finalising membership with the GPEN group. The office has been accredited on 23 September 2013 in Warsaw, Poland at the 35th International Conference for Privacy and Data Protection Commissioners. Has been chosen to host the 36th Edition of the Conference from 13 to 16 October 2014 and the first conference in Africa.
Steps being taken by the DPO for an improved regulatory framework: Ongoing Sensitisation. Carrying out mass sensitisation programmes on MBC television to promote data protection awareness. Organising and participating in workshops. Conducting presentations in Ministries and organisations. Preparation of booklet on data protection for primary school and course materials for a Certificate course at tertiary level and guidelines.
Steps being taken by the DPO for an improved regulatory framework: Envisaging to purchase forensic software tools to assist investigations for the creation of a forensic lab for research purposes and treatment of forensic evidence. Computerising our services.
New technological advancements: Concept of Cloud Technology and Open Data. Becoming more common and the choice of many organisations because they can be rapidly provisioned and released with minimal management effort. Caution: Accountability for security and privacy in public clouds remains in principle with the organisation, the data controller. The data processor, the cloud provider, is also bound by the obligations of the data controller by a written contract. Privacy by design approach should be adopted by cloud providers to protect data.
New technological advancements: Precautions from a data protection perspective: Identify security, privacy and organisational requirements to be met by the cloud provider. Perform risk and privacy impact assessments. Establish a Service Level Agreement (SLA) on the expected level of service to be delivered including privacy and security provisions to secure the responsibility of cloud providers. Put in place audit mechanisms to ensure that organisational practices are followed.
New technological advancements: Precautions from a data protection perspective: Ensure availability of critical data during an intermediate or prolonged disruption or a serious disaster. Ensure that resources made available to the cloud provider under the SLA are returned in a usable form and confirm with evidence that information has been properly expunged.
Guideline: Privacy Enhancing Technologies: An absolute Necessity for Effective Compliance with Data Protection Laws, Volume 7
Strength: Builds trust for safe and secure processing of personal data and protects the human right to privacy. However, data protection laws, although technologically neutral, should be relevant, up to date and applicable to the current technological world, user friendly with simple terms to avoid interpretation complexities.
Limitation: Some sections are still vague and subject to confusion thus amendments have been proposed to the local DPA. The DPA applies only for the protection of personal data. A freedom of information legislation is required to ensure that all types of information are protected. An Information Commissioner will have more enlarged powers.
Thank You. Any Questions?