Financial Crime World

Data Protection and Privacy in Finance Remains Unregulated in The Gambia

The Gambia’s financial sector is yet to benefit from comprehensive data protection laws, leaving individuals’ personal information vulnerable to unauthorized access.

Limited Provisions

While the Information and Communications Act of 2009 does provide some provisions for data processing and retention, it only applies to the provision of information and communication services. This narrow scope excludes the financial sector, leaving a significant gap in data protection regulations.

Incomplete Legislation

The Gambia Public Utilities Regulatory Authority’s (PURA) Draft Data Protection and Privacy Policy Strategy 2019 sets out data subject rights, but it remains a non-binding document without legal force. The ICTA Act of 2019, which establishes an agency for information and Communications Technology, aims to promote the optimum use of information and communication technologies and enforces standards for information technology planning, including data security and risk management.

International Obligations

The Gambia is also a signatory to the Economic Community of West African States’ Supplementary Act A/SA.1/01/10 on Personal Data Protection, which requires each member state to establish a data protection authority to ensure personal data is processed in compliance with its provisions. Although The Gambia has not yet transposed the act domestically, once it comes into force, any entity intending to collect and process personal data of a private individual will be required to make a formal request to the data protection authority.

Risks and Recommendations

The lack of comprehensive data protection laws poses significant risks to individuals’ financial information, making it vulnerable to:

  • Unauthorized access
  • Hacking
  • Other cyber threats

To address these risks, The Gambia’s government is urged to take immediate action to enact a single comprehensive general data protection law to protect the rights of its citizens and promote trust in the country’s financial sector.

Key Recommendations

  • Enact a single comprehensive general data protection law
  • Establish a data protection authority to ensure compliance with international obligations
  • Provide clear guidelines for data processing, retention, and security
  • Promote awareness and education on data protection and privacy rights among citizens and businesses.