Somalia: Implemented Data Protection Act 2023 including data protection authority governance

On 23 March 2023, the Data Protection Act 2023 was implemented following its publication in the Official Bulletin. The Act establishes mechanisms for cross-border data transfers. In general, transfers may be made to countries which afford an adequate level of protection, or if the recipient is subject to, for example, a law, binding corporate rules, contractual clauses, codes of conduct, or certification mechanism providing adequate protection. The data protection authority may designate a country as providing adequate protection. In the absence of adequate protection, transfers may still be made if, for example, the data subject has given consent. If none of these conditions are given, a limited transfer made be made for the purposes of compelling legitimate interests, provided that safeguards are taken and both the data subject and the authority are informed.