BAI: Kz 100,500 ▲ 5.8% | BFA: Kz 118,000 ▲ 138.4% | USD/AOA: 914.60 ▲ 0.2% | Oil (Brent): $74.50 ▲ 3.2% | Gold: $2,920 ▲ 12.1% | BT 91d Yield: 14.8% | Inflation: 15.7% YoY | BNA Rate: 17.5% | BAI: Kz 100,500 ▲ 5.8% | BFA: Kz 118,000 ▲ 138.4% | USD/AOA: 914.60 ▲ 0.2% | Oil (Brent): $74.50 ▲ 3.2% | Gold: $2,920 ▲ 12.1% | BT 91d Yield: 14.8% | Inflation: 15.7% YoY | BNA Rate: 17.5% |
Home Angola Financial Regulation Hub Data Protection Law in Angola

Data Protection Law in Angola

Data Protection Law in Angola — regulatory intelligence for Angola.

Data Protection in Angola — Lei 22/11

Angola’s data protection framework is governed by Lei 22/11 (Lei de Proteccao de Dados Pessoais), enacted in June 2011. The law establishes rules for the collection, processing, storage, and transfer of personal data, drawing on principles similar to the EU’s data protection framework.

Scope and Application

Lei 22/11 applies to:

  • All natural and legal persons that process personal data in Angola
  • Data processing activities conducted by Angolan entities abroad
  • Foreign entities processing data of Angolan residents

The law covers both automated and manual processing of personal data, including data held by financial institutions, telecommunications companies, healthcare providers, and government agencies.

Key Principles

Principle Description
Lawfulness Data must be collected and processed lawfully with a valid legal basis
Purpose Limitation Data may only be used for the specific purposes for which it was collected
Data Minimization Only data necessary for the stated purpose may be collected
Accuracy Data controllers must ensure personal data is accurate and up to date
Storage Limitation Data must not be retained longer than necessary
Security Appropriate technical and organizational measures must protect personal data
Transparency Data subjects must be informed about how their data is processed

Data Subject Rights

Individuals have the right to:

  • Access their personal data held by any controller
  • Request correction of inaccurate data
  • Object to data processing in certain circumstances
  • Request deletion of data that is no longer necessary
  • Be informed of any data breaches affecting their personal information

APD — Data Protection Authority

The Agencia de Proteccao de Dados (APD) is the supervisory authority responsible for enforcing Lei 22/11. The APD has the power to conduct investigations, issue orders to data controllers, and impose administrative fines for non-compliance.

Data controllers must register their data processing activities with the APD before commencing operations. Cross-border data transfers require prior APD authorization unless the receiving country provides an adequate level of data protection.

Implications for Financial Services

Financial institutions, including banks, brokers, and CMC-licensed entities, must comply with Lei 22/11 in addition to sector-specific data requirements imposed by the BNA and CMC. Key obligations include:

  • Obtaining explicit consent for marketing communications
  • Implementing data breach notification procedures
  • Ensuring secure storage of KYC documentation
  • Restricting cross-border transfers of client financial data

GDPR Alignment

While Lei 22/11 predates the EU’s General Data Protection Regulation, it shares several foundational principles. However, Angola’s framework lacks some GDPR provisions, including the right to data portability and the requirement for data protection officers. Ongoing regulatory reform may bring further alignment with international standards.

We value your privacy
We use cookies and similar technologies to provide essential site functionality, analyse traffic, and serve personalised advertisements via Google AdSense. You can accept all cookies, reject non-essential cookies, or customise your preferences. Read our Cookie Policy and Privacy Policy.
Strictly Necessary
Required for the site to function. Cannot be disabled.
Analytics
Help us understand how visitors interact with the site (Google Analytics).
Advertising
Used to deliver relevant advertisements via Google AdSense.