Financial Crime World

Here is the converted article in Markdown format:

Gambia Introduces New Data Protection Policy to Ensure Personal Data Security

The Gambia has introduced a new data protection policy aimed at ensuring the security and integrity of personal data in the country. The policy, set to come into effect soon, requires controllers and processors of personal data to take appropriate measures to prevent accidental or unauthorized access, destruction, loss, use, modification, or disclosure of such data.

Requirements for Controllers

Under the new policy, controllers are required to notify the competent supervisory authority without delay in the event of a data breach that may seriously interfere with the rights and fundamental freedoms of data subjects. The policy also requires controllers and processors to take all appropriate measures to comply with the provisions set out in the policy and applicable data protection and privacy law.

Data Transfers

The policy sets out guidelines for the transfer of personal data across borders, requiring that at least an equivalent level of protection be afforded to such data. The policy allows for data transfers where:

  • An appropriate level of protection is guaranteed by the law of the receiving country or international organization;
  • Explicit consent has been given by the data subject after being informed of the risks arising in the absence of appropriate safeguards;
  • Specific interests of the data subject require it; or
  • It is necessary and proportionate for the freedom of expression.

Data Protection Impact Assessments

The policy does not require controllers to conduct data protection impact assessments, which are mandatory under other jurisdictions. However, it encourages controllers to consider the potential risks and consequences of processing personal data and take steps to mitigate them.

Data Subject Rights

The policy grants individuals certain rights in relation to their personal data, including:

  • The right to be informed about the processing of their personal data;
  • The right to access their personal data;
  • The right to rectification and erasure of inaccurate or incomplete personal data;
  • The right to object to the processing of their personal data; and
  • The right not to be subject to automated decision-making.

Penalties

The policy does not stipulate penalties for non-compliance. However, it sets out that a key objective is to establish an independent and impartial national supervisory authority empowered to oversee, monitor, and enforce compliance with the data protection and privacy rights of individuals.

Conclusion

With the introduction of this new policy, the Gambia aims to strengthen its data protection framework and ensure the security and integrity of personal data in the country.