Is Your Business Ready for Tanzania’s New Data Privacy Law?

Here’s What You Must Do to Stay Compliant.

In today’s digital world, personal data is the new gold, but with great power comes great responsibility. Whether you're running a bank, an online store, a telecom company, a hospital, or even a small business that collects customer data, you need to ensure you're following Tanzania’s Personal Data Protection Act, 2022.

Failing to comply with data privacy laws can result in hefty fines, reputational damage, and loss of customer trust. But don’t worry—we’ve got you covered. Here’s a simple, practical guide to help your business stay compliant and avoid legal trouble.


Why Does Data Privacy Matter for Your Business?

Imagine this: A customer trusts you with their personal details—name, phone number, bank details, or even medical records. They expect you to keep it safe. But what if their information is leaked, hacked, or sold without their consent?

    🔴 You could be sued—Customers have the right to take legal action if their data is misused.
    🔴 You could be fined—Tanzania’s new law imposes harsh penalties for companies that mishandle personal data.
    🔴 You could lose customers—A data breach could destroy your reputation overnight.

The solution? Make sure your business is compliant with data privacy laws.

Data Privacy Checklist: Is Your Business Compliant?

    Follow these 11 simple steps to ensure your business is fully compliant with Tanzania’s Personal Data Protection Act, 2022.

    1) Appoint a Data Protection Officer (DPO) (If Required)

    If your business processes large amounts of sensitive data (e.g., banks, hospitals, government agencies), you may need to appoint a Data Protection Officer to oversee compliance.

    Example: A hospital must appoint a DPO to ensure patient medical records are protected.

    2) Get Consent Before Collecting Customer Data

    You cannot collect or use people’s personal data without their permission. Always ask for clear and informed consent before collecting customer information.

    Example: A mobile money provider like M-Pesa must get user consent before using phone numbers for marketing.

    3) Be Transparent: Inform Customers About Their Data Rights

    Customers must know what data you’re collecting and why. Create a Privacy Policy that explains:

    i. What data you collect
    ii. How you use it
    iii. How customers can access or delete their data

    Example: A website must have a Privacy Policy that explains how user data is stored and shared.

    4) Only Collect the Data You Actually Need

    Ask yourself: Do I really need this information?
    Avoid collecting excessive personal data that isn’t necessary for your business operations.

    Example: A job application should NOT ask for an applicant’s religion or marital status unless legally required.

    5) Protect Customer Data from Hackers & Unauthorized Access

    Use encryption to protect sensitive customer data. Restrict who in your company has access to personal information. Invest in cybersecurity measures to prevent data breaches.

    Example: A bank must encrypt online banking details to prevent hackers from stealing customer data.

    6) Don’t Keep Data Longer Than Necessary

    Define how long you will store customer data, then delete or anonymize it when it is no longer needed.

    Example: A telecom company should delete inactive customer records after a legally required period.

    7) Allow Customers to Access, Correct, or Delete Their Data

    Customers have the right to see what data you have on them.
    They can also request corrections or deletions if the data is outdated or incorrect.

    Example: A bank customer can request a copy of their transaction history and correct any errors.

    8) Report Data Breaches Within 72 Hours

    If your company suffers a data breach, you must:

    i. Report it to the Data Protection Commission within 72 hours.
    ii. Notify affected customers if their data is at risk.

    Example: If a hospital leaks patient medical records, they must immediately notify authorities.

    9) Train Your Employees on Data Privacy Rules

    Your team must understand how to handle personal data responsibly. Provide regular training to ensure compliance.

    Example: A customer service agent should NEVER share customer details with unauthorized people.

    10) Sign Data Protection Agreements with Third-Party Vendors

    If your business shares personal data with service providers (e.g., cloud storage, payment processors, marketing agencies), make sure they also comply with Tanzanian data protection laws.

    Example: A bank outsourcing call center services must ensure the service provider follows data privacy regulations.

    11) Register with the Personal Data Protection Commission (If Required)

    If your business processes large amounts of personal data, you need to register as a Data Controller with the Data Protection Commission.

    Example: A social media company operating in Tanzania may need to register and comply with the law.

What Happens If You Don’t Comply?

If your business fails to follow these rules, you risk:

    i. Heavy fines
    ii. Legal action from affected customers
    iii. Reputational damage and loss of customers

    Example: If a telecom company sells customer phone numbers without permission, it could face fines and lawsuits.

How We Can Help You Stay Compliant

Navigating Tanzania’s data protection laws can be complex, but we’re here to help.

    1) Privacy Policy Drafting – We create legally compliant privacy policies tailored to your business.
    2) Data Protection Compliance Audits – We review your company’s data practices to ensure full compliance.
    3) Employee Training on Data Privacy – We educate your staff on best practices for handling customer data.
    4) Legal Representation – We help defend businesses facing data privacy complaints or investigations.
    5) We help register companies with the Private Data Commission.

Final Takeaway: Act Now Before It’s Too Late!

    Tanzania’s data protection law is already in effect, which means businesses must take compliance seriously. Protect your customers, avoid fines, and build trust by following these 11 steps.
    Let’s Talk! Contact us today to ensure your business is 100% compliant, secure, and protected.

    Need expert help?

    Contact us today and let’s secure your business together!


    As lawyers at Darstate Attorneys, our responsibility is to guide and advise you on the basic principles and legal procedures for promoting your business, whether it is a service or a product.
