Following the coming into force of the Somalia Data Protection Act (SDPA or Act) by President Hassan Sheikh Mohamud in March 2023, the Act established the office of the Data Protection Authority (Authority) which was charged with the implementation and operationalization of the provisions of the Act. The SDPA is Somalia’s first comprehensive law on data protection. As with the general approach to data protection regulation, the SDPA created the Authority for the regulation of the SDPA.¹ 

The Authority was officially launched in February 2024, although it had commenced its activities prior to this time. The authority was established to guide the implementation and operationalization of the provisions of the Act. The authority is also saddled with the responsibility of registering data controllers and data processors of major importance, registering data protection compliance organisations, promoting awareness on the duties and obligations of data controllers and data processors, receiving complaints in respect of data protection violations, conducting investigations, thereafter imposing fines on violators and ´issuing regulations in accordance with the Act.²

Despite the notable achievement of passing the SDPA, Somalia still faces challenges pertaining to having a coordinated regulatory authority that will enforce strict compliance with the provisions of the Act, while establishing a data protection environment that can enhance innovation. In conclusion, the establishment of the Authority in accordance with the provisions of the SDPA, marks a pivotal step in personal data protection within Somalia. Furthermore, it serves as a significant improvement in the annals of the country’s digital and data protection laws. Should the Authority effectively fulfil its objectives, it is only a matter of time before Somalia becomes reputable for high data protection standards.