Law: Law No. 2019-014 Relating to the Protection of Personal Data (only available in French here) ('the Law')

Regulator: Togolese data protection authority ('IPDCP') (not yet established)

Summary: The Law was published in the Official Gazette in October 2019 and regulates the collection, processing, transmission, storage, and use of personal data in Togo. The Law has mandated the establishment of the IPDCP, but this authority has yet to take form. Once established, the IPDCP will be responsible for, among other things, ensuring compliance with the Law, approving the charters of use presented to it, and keeping a directory of personal data processing bodies publicly available. The Law also provides for data protection officers ('DPOs') and requires that the appointment of a DPO is notified to the IPDCP. Notably, the Law does not contain provisions regarding data breach notification. Other significant pieces of legislation include Law No. 2012-018 on Electronic Communications (only available in French here) and Act No. 2017-07 on Electronic Transactions (only available in French here). In addition, the National Assembly has adopted a bill on cybersecurity and the fight against cybercrime in order to transpose Directive C/DIR. 1/08/1 on Fighting Cybercrime within the Economic Community of West African States into Togolese law.