Tanzania has recently launched Personal Data Protection Commission (PDPC), a significant development for privacy and data security, following the enactment of Landmark Legislation “the Personal Data Protection Act of 2022.

The introduction of the establishment of the Personal Data Protection Commission (PDPC) marks a pivotal shift, placing greater emphasis on individual privacy and data security and align Tanzania with global standards in data protection and privacy.

Overview of the Personal Data Protection Commission (PDPC)

Purpose and Role:

• Regulation and Enforcement: The PDPC is responsible with ensuring compliance of the Data Protection Act, 2022. It monitors how personal data is handled and processed by organizations and takes action against non-compliance.
• Register Controller and processors: It oversees the registration of data controllers and processors.
• Research and Corporation: The PDPC monitors development of  technology and collaborates with other countries in managing personal data protection.
• Complaint Handling: The Commission handles complaints from individuals regarding data breaches or misuse of personal data. It investigates these complaints and enforces remedies where necessary.

The establishment of the Personal Data Protection Commission is a critical step in implementing and enforcing Tanzania’s data protection laws. By having a dedicated authority, Tanzania ensures that there is a structured approach to managing personal data, addressing privacy concerns, and fostering a culture of data protection within the country.

• As the PDPC becomes fully operational, it will play a key role in shaping data protection practices in Tanzania and enhancing confidence among consumers and businesses in the handling of personal data.

IMPACTED SECTORS

1. Financial Services

• Banks and Financial Institutions: These entities handle sensitive personal and financial information, such as account details, transaction records, and credit information. They must ensure stringent data protection measures to prevent breaches and misuse of customer data.
• Insurance Companies: They collect personal and health information for policy underwriting and claims processing, requiring robust data protection practices.

2. Healthcare

• Hospitals and Clinics: Medical institutions manage sensitive health records, patient histories, and other personal health information, which must be protected to ensure privacy and comply with data protection regulations.
• Pharmacies: Pharmacies handles personal data related to prescriptions and patient health information, necessitating careful management and protection.

3. Telecommunications

• Mobile and Internet Service Providers: These companies process vast amounts of personal data, including communication records, browsing histories, and customer identification details. Ensuring the security and confidentiality of this data is critical.

4. Retail and E-Commerce

• Online Retailers: E-commerce platforms collect and store personal information such as payment details, addresses, and purchase histories. They must implement strong data protection measures to safeguard Client’s data.
• Physical Retail Stores: Retailers that collect customer information for loyalty programs or marketing purposes also need to adhere to data protection requirements.

5. Education

• Educational Institutions: Schools, colleges, and universities manage personal data related to students, faculty, and staff, including academic records, contact details, and health information. They must ensure that this data is securely managed and protected.

6. Public Sector

• Government Agencies: Various government bodies handle personal data related to citizens, such as tax records, social services information, and identification details. Data protection regulations require them to manage this information securely and transparently.

7. Technology and IT Services

• Software Providers: Companies that develop or provide software solutions, including cloud storage services, must ensure their platforms comply with data protection standards to safeguard user data.
• Data Processors: Entities that process personal data on behalf of other organizations need to adhere to strict data protection measures to ensure compliance and protect data.

8. Marketing and Advertising

• Marketing Agencies: These organizations handle customer data for targeted advertising and promotional activities. They must ensure that they collect, process, and store data in compliance with data protection laws.

9.   Legal Services

• Law Firms: Legal professionals, manage sensitive personal information related to clients, including case details, personal history, and legal documentation. They must maintain strict confidentiality and security measures.

10. Travel and Hospitality

• Travel Agencies: These businesses collect personal data related to travel bookings, including passport information, travel itineraries, and payment details, which must be securely managed.
• Hotels and Resorts: Hospitality establishments handle personal information such as guest records, booking details, and payment information, requiring adherence to data protection standards.

Across these sectors, the Data Protection Act, 2022 mandates that organizations implement robust data protection measures to ensure the confidentiality, integrity, and security of personal data. By doing so, they are not only comply with legal requirements but also build trust with their customers and stakeholders in an increasingly privacy-conscious environment.

REGISTRATION

The registration process for data protection in Tanzania is a vital  and mandatory step for organizations to comply with the Data Protection Act 2022 and its Regulation. Any collection or processing of personal data without being registered is unlawful.

Failure to register is an offence, whereas upon conviction one may be liable to fine or imprisonment to a term of five (5) years or both.

STEP BY STEP GUIDE TO PDPC REGISTRATION

The Act has put into place several key steps to ensure that organisations adhere to the requirements of handling personal data. These steps are as follows:

1. Prepare your Documents;
2. Submit your Application with fees;
3. Application Verification within 7 days;
4. Application Decision; and
5. Maintaining Your Registration

The Data Protection Act, 2022, and the establishment of the Personal Data Protection Commission represent a pivotal advancement in safeguarding personal data in Tanzania. It is imperative for organizations to act swiftly and diligently.

Registering with the Commission not only ensures compliance with the newly enacted Act but also underscores a commitment to upholding the highest standards of data protection and privacy.

By proactively assessing and refining data handling practices, businesses can avoid potential penalties and build stronger trust with customers and stakeholders. This registration is not merely a regulatory obligation but an opportunity to demonstrate organizational responsibility and dedication to protecting personal information in today’s increasingly privacy-conscious environment.

Ultimately, the Personal Data Protection Commission will play a crucial role in guiding, monitoring, and enforcing compliance, thereby contributing to a secure and transparent data management landscape. Embracing these changes and meeting the registration requirements will position organizations to thrive in a digital age where data protection is paramount.

 

Further Information:

This editorial is intended to give you a general overview of the Law. If you would like further information and clarification on any issue raised in this editorial, please contact.

Haika-Belinda John Macha
Partner
E: hb.macha@vemmaattorneys.co.tz
M: +255 717 307 999

Haika Allen Mrango
Associate
E: h.mrango@vemmaattorneys.co.tz
M: +255 746 716 191

A mortgage is a legal agreement  where a bank or financial institution lends money to a person or an institution, repayable at an agreed length of time in series of payments  with interest. The loan is usually secured/protected by taking title of the debtor’s property, with the condition that the conveyance of title becomes void upon the payment of the debt.

GOVERNING LAWS

1. The Land Act Cap 113 R.E 2019
2. Land Registration Act Cap 334 R.E 2019
3. Land Regulations Act 2001

Over two decades, the position of law derived from Section 126 (d) of the Land Act, Cap 113 [RE. 2019] has been that; where there is an act of default by the borrower, the lender is entitied to exercise his powers of sale conferred to him under the Land Act and Mortgage Deeds. Such position can even be traced prior the promulgation of the Land Act. In the case of Agency Cargo International v. Eurafrican (T) Ltd, Civil Case No. 144 of 1998 (unreported). His Lordship Nsekela, J (as he then was) observed:

“The object of security is to provide a source of satisfaction of the debt covered by it. The respondent to continue being in banking business must have funds to lend and which has to be repaid by its debtors …it is only fair that banks and their customers should enforce their respective obligations under the banking system”.

PROCEDURES/STEPS TO BE TAKEN BEFORE SELLING A MORTGAGED PROPERTY.

The Land Act, Cap 113 (R.E 2019) stipulates the procedures/steps to be taken before the Lender exercises his powers of sale as follows:

1. ISSUANCE OF SIXTY (60) DAYS NOTICE

Section 127 of the Land Act CAP 113 [R.E 2019] requires the Lender to issue the Borrower with a Sixty (60)days notice. When the Borrower’s property is sold by the Lender before the issuance of the sixty (60) days notice the said sale will be null and void. The provision  provides that:-

“where there is a default in the payment of any interest or any other payment or any part thereof or in the fulfilment of any condition secured by any mortgage or in the performance or observation of any covenant, express or implied, in any mortgage, the mortgagee shall serve on the mortgagor a notice in writing of such default”

As per the cited provision of the law, the Borrower / Mortgagor has to be issued with a sixty days notice, whereas the notice will be in a written form stipulating of such default.

The said  notice shall also mention the nature of the loan and extent of the default and it has to be dully served to the mortgagor.

2. 14 DAYS NOTICE

Subsequently, after the Mortgagor has been served with a sixty days notice as illustrated above and he/she fails to pay the debt after being notified, Section 134(2) of the Land Act confers power of sale to the Mortgagee/ Lender to exercise sale of the Mortgaged property through public auction.

Section 12(2) (3) of the Auctioneer Act CAP 227 R.E 2002 (now 2010) provides that, no sale by auction shall take place until fourteen (14 days) public notice thereof has been given at the principal town of the district where the property intended to be auctioned is situated. Such notice has to be published in a Swahili and an English Newspaper as it has been provided by Section 12 (3) of Auctioneers Act CAP 227 R.E 2002 and such notice shall state the name and place of residence of the owner. The essence of giving such notice is to afford the Borrower sufficient time to arrange for the redemption of the mortgaged property. More so, it is to make sure that, the public is  adequately notified to participate on the date of auction so that the Lender can obtain the best price possible.

3. SALE OF THE MORTGAGED PROPERTY

After the Mortgagor has been issued with the sixty (60) days notice together with the fourteen (14) days notice and still he/she fails to repay the loan, the Mortgagee will proceed through the services of a registered Auctioneer to sale the mortgaged property by Public Auction.

The Mortgagee owes a duty of care to the Mortgagor, to obtain the best reasonable price at the time of sale of the Mortgaged property, and has to make sure that, the Mortgaged property is sold not less than 25% of the market value as illustrated by Section 133(1) and (2) of the Land Act CAP 113 R.E 2019.

The person who turns out to be the highest bidder (bonafide purchaser) will purchase the mortgaged property and will be awarded a certificate of sale.

The law protects the rights of a bonafide purchaser as a person who bought the property in  good faith so he/she does not have any obligation to inquire into whether the 60 days default notice and fourteen (14) days public notice to conduct the auction were duly issued. Section 51 of the Land Registration Act R.E 2002 requires  the bonafide purchaser to be registered by the Registrar of Titles without inquiring whether the default accrued or whether any notices were  duly served.

CONCLUSION

Sale of a Mortgaged property is not the end of the Mortgagor to seek his rights in case of default after the Mortgagee has exercised his power of sale where the sale was flouted with irregularities, the law provides for remedies to the Mortgagor who has been prejudiced by the sale. This position has been established in the case of Gordebetha Lukanga vs. CRDB Bank Ltd & others (Civil Appeal 25 of 2017) [2021] TZCA at Dar es salaam where the Justices of Appeal held that:

“notwithstanding the above stated position, the law has not left without remedy the Mortgagor who has been prejudiced by the act of the Mortgagee of selling a mortgaged property without complying with the requirement of the law. The remedy is provided for under Section 135(4) of the Land Act R.E 2019”

And the Appeal Judges went further that, if the Borrower was able to prove that the Auctioneer did not issue a sufficient notice, before conducting the auction. In that circumstance, the Borrower’s rights against the Lender is to seek for legal remedies in the Court of Law.

Further Information:

This editorial is intended to give you a general overview of the Law. If you would like further information and clarification on any issue raised in this editorial, please contact.

Haika-Belinda Macha
Partner
E: hb.macha@vemmaattorneys.co.tz