Ethiopia: Financial Consumer Protection (Directive No. FCP/01/2020) including security obligations entered into force

On 25 February 2021, the Financial Consumer Protection Directive No. FCP/01/2020 entered into force. The directive mandates that Financial Services Providers implement policies to ensure data confidentiality and security, inform consumers about these policies and data practices, and make them accessible. Providers must protect data through organisational, physical, and technical measures, collect data lawfully for legitimate purposes, and use it consistently with the original collection purpose or with explicit consent. They must ensure third parties handle data securely, allow consumers to access their data, and correct inaccuracies, notifying relevant third parties. The "Credit Reference Bureau Directive No. CRB/02/2019" provisions also apply.