Data Protection Authority - Somalia

Data Protection Authority - Somalia

(DPA) is the national independent authority responsible for protecting personal privacy and monitoring that all organizations are compliant with the Data Protection Act (no.005 which was passed in March 2023).
The role of DPA is to implement the Data Protection Act, as well as providing services that facilitate protection of personal data, such as; awareness campaigns, registration, trainings, creating and passing regulations specific to storing and processing data.


  • In data protection, a data controller is an entity that decides why and how personal data is processed, bearing the main responsibility for compliance with data protection laws. They set the purpose and methods for data processing, ensuring legality and security, and handling individual data rights.
    A data processor, on the other hand, is an entity that processes data on behalf of the controller. They act under the controller's instructions and have specific obligations, particularly regarding data security.


  • People whose personal information are collected, stored and processed are called data subjects.
    Know your rights and learn how to protect your data privacy, online and offline.

How We Can Help


DPA establishes a robust privacy and security framework by drafting clear policies and procedures, setting high data protection standards, and maintaining meticulous records to ensure compliance and safeguard sensitive information.


DPA conducts internal audits on Data protection Act, ISO 27001, and information security compliance to identify gaps and enhance data protection practices, ensuring organisations meet legal and best practice standards.


DPA enhances organisational compliance and data protection awareness through tailored onsite training and continuous awareness programs, delivered by DPA and data security experts to meet specific needs.

Due Diligence

DPA ensures organisational compliance and data security through rigorous due diligence reviews in supply chain, technology, procurement, and M&A activities, emphasising robust data protection practices and risk mitigation.


DPA offers comprehensive advisory services, including strategic planning, policy development, impact assessments, and risk management, to guide organisations in establishing robust governance and ensuring compliance with data protection laws.


DPA provides essential support for Data protection Act compliance and cybersecurity through a helpline, expert management services, and DPO-as-a-Service, helping organisations safeguard sensitive data and navigate regulatory complexities.