At least 20 feared dead in Nigeria boat accident, officials say
Joseph Isangura
The Personal Data Protection Commission (PDPC) has issued a final notice to public and private institutions involved in handling personal data, giving them four months to register under the Registration and Compliance Management Information System (RCMIS).
The ultimatum aims to enforce compliance with the Personal Data Protection Act, which came into effect on May 1, 2023. Institutions that fail to register by the April 31, 2025, deadline risk facing severe legal consequences.
Speaking in Dodoma, Dr. Emmanuel Mkilia, the PDPC Director General, expressed concern over the slow pace of registration. “Many institutions are yet to start or complete the registration process, which jeopardizes efforts to protect citizens’ privacy rights and personal data,” he said.
Dr. Mkilia warned that institutions found non-compliant after the grace period would face penalties, including substantial fines and other legal actions as outlined in the law. “Starting May 1, 2025, we will partner with law enforcement agencies to take action against those that have not met the requirements,” he added.
The directive is part of the government’s broader push to strengthen the legal framework for safeguarding personal data, which is critical to building trust in Tanzania’s growing digital economy. Dr. Mkilia emphasized that compliance with the law is essential for maintaining public confidence and fostering economic growth through digital transformation.
“Kutozingatia sheria kunahatarisha faragha za wananchi na kudhoofisha maendeleo ya kiuchumi katika ulimwengu wa kidigitali,” he said, underscoring the potential negative impact of non-compliance on both privacy and economic progress.
Also Read; Brazil’s Leadership Plans for BRICS in 2025
To date, only a fraction of institutions have completed the registration process. The PDPC is now intensifying awareness efforts to ensure all eligible organizations understand their legal obligations and the importance of adhering to data protection standards.
Institutions failing to register by the deadline will face strict penalties. “Legal consequences include fines and, in some cases, suspension of operations. These measures are designed to ensure accountability and protect individuals’ privacy rights,” Dr. Mkilia noted.
The Personal Data Protection Act mandates institutions to handle personal data responsibly, ensuring its collection, processing, and storage comply with established standards. The law applies to both local and international entities operating in Tanzania, reflecting the country’s commitment to global best practices in data governance.
Dr. Mkilia urged institutions to treat the registration deadline with urgency. He highlighted the PDPC’s readiness to assist organizations in navigating the registration process, offering support and resources to ease compliance challenges.
“This is not just about avoiding penalties. It’s about demonstrating a commitment to protecting the privacy of the people we serve and fostering a secure digital environment,” he said.
