About the Data ProtectionAuthority of Somalia
The Somalia Data Protection Authority is the independent regulatory authority established under Data Protection Act No. 005 (2023) to oversee the protection of personal data, ensure privacy, and enforce compliance among organizations that process personal information.
A secure and privacy-respecting digital society where personal data is handled with transparency, accountability, and integrity
To ensure the protection of personal data and strengthen public confidence in Somalia’s digital ecosystem through effective regulation, enforcement, and awareness
Core Values
Independence — impartial supervision and sound decision-making
Integrity & Accountability — Upholding the highest ethical standards
Transparency — clear processes and open communication
Fairness — equal protection of all individuals
Professionalism — evidence-based, lawful, and timely regulation
Innovation — embracing digital advancement and efficient service delivery
Public Trust — serving with dedication to protect citizens’ rights
Key Principles
Lawfulness, Fairness & Transparency
Personal data must be processed legally, with fairness, and in a transparent manner that individuals can understand.
Purpose Limitation
Data should only be collected for clear, specific, and lawful purposes—and not used in ways incompatible with those purposes.
Data Minimization
Only the minimum amount of personal data necessary for the intended purpose should be collected.
Accuracy
Personal data must be accurate and kept up to date. Inaccurate information must be corrected or deleted without delay.
Storage Limitation
Personal data should not be stored longer than necessary and must be securely disposed of when no longer needed.
Confidentiality & Security
Organizations must protect personal data from unauthorized access, loss, misuse, or disclosure using appropriate technical and organizational measures.
Accountability
Data controllers and processors are responsible for demonstrating compliance with all data protection principles.
The Authority performs its functions independently and in accordance with the law, without undue influence, while remaining accountable through legally established oversight mechanisms.
Build a compliant national data protection culture
- Protect individual privacy rights
- Strengthen digital trust for economic and technological growth
- Promote responsible innovation and cross-border data governance
- Provide public education and sector-specific guidance