Public Data Protection Act

Mastering the Somali Public Data Protection Act (Law No. 005/2023): A Comprehensive Certification in Institutional Governance, Lawful Data Processing, Subject Rights, Security Standards, Cross-Border Transfers, and Statutory Enforcement Mechanisms

Duration: 3 Days Language: English & Somali

Table of Contents

  1. Module 1: Legal Foundations, Definitions, and Scope(Ref: Public Data Protection Act, Articles 1-5)
  2. Module 2: The Data Protection Agency and Institutional Governance(Ref: Public Data Protection Act, Agency Establishment)
  3. Module 3: Principles of Lawful Personal Data Processing(Ref: Public Data Protection Act, Data Processing Principles)
  4. Module 4: Empowering Data Subjects(Ref: Public Data Protection Act, Subject Rights)
  5. Module 5: Security Standards and Breach Management(Ref: Public Data Protection Act, Security Requirements)
  6. Module 6: International Data Transfers and Administrative Compliance(Ref: Public Data Protection Act, Cross-Border Transfers)
  7. Module 7: Enforcement, Remediation, and Implementation(Ref: Public Data Protection Act, Penalties and Enforcement)

Overall Objective

This course is designed to provide a thorough understanding of the Public Data Protection Act, drawing on all 43 articles to ensure full compliance with the legal framework established on March 20, 2023.

Students will gain comprehensive knowledge of data protection principles, institutional governance requirements, and the rights of data subjects under Somali law.

The course equips legal practitioners to advise clients on lawful data processing, breach management, and cross-border data transfers in compliance with international standards.

Course Modules

Module 1: Legal Foundations, Definitions, and Scope

This introductory module explores the nomenclature and essential definitions of the Act, such as “Data Subject,” “Sensitive Personal Data,” and “Biometrics”.

It details the objectives of the law—protecting constitutional rights and promoting the digital economy—and defines the scope and exclusions, including exemptions for national security and public health.

Module 2: The Data Protection Agency and Institutional Governance

Learners will examine the establishment, powers, and duties of the Public Data Protection Agency.

This section covers the management board’s composition, the Director General’s responsibilities, and the strict rules regarding conflicts of interest and removal from office.

Module 3: Principles of Lawful Personal Data Processing

This module focuses on the core principles of data processing, emphasizing transparency, purpose limitation, and data minimization.

It provides detailed insights into obtaining valid consent, handling the data of children or persons without legal capacity, and the specific responsibilities of data processors.

Module 4: Empowering Data Subjects

Participants will study the specific rights granted to individuals, including the rights to access, correction, and deletion of personal data.

It also covers the right to withdraw consent, the right to object to processing that causes damage, and protections against automated decision-making and profiling.

Module 5: Security Standards and Breach Management

Focusing on technical and organizational safeguards, this module outlines requirements for encryption and pseudonymization.

It provides a step-by-step guide to the mandatory 72-hour breach notification process and the methodology for conducting Data Protection Impact Assessments (DPIA).

Module 6: International Data Transfers and Administrative Compliance

This section clarifies the criteria for cross-border data transfers based on adequacy or specific legal exceptions.

It also covers the administrative requirements for major data controllers, including mandatory registration, fee structures, and the appointment of Data Protection Officers (DPOs).

Module 7: Enforcement, Remediation, and Implementation

The final module addresses the legal consequences of non-compliance, detailing the Agency’s investigative powers, the imposition of administrative fines up to one million dollars, and the process for judicial appeals.

It concludes with the regulatory powers of the Agency and the formal implementation of the Act.

Glossary of Key Terms

Data SubjectAn individual whose personal data is being collected, stored, or processed.
Sensitive Personal DataData revealing racial origin, political opinions, health, or biometric information.
BiometricsUnique physical or behavioral characteristics used for identification (fingerprints, facial recognition).
Data ControllerThe entity that determines the purposes and means of processing personal data.
Data ProcessorAn entity that processes personal data on behalf of the controller.
ConsentFreely given, specific, informed agreement to data processing.
Data Protection Officer (DPO)Appointed official responsible for ensuring organizational compliance.
DPIAData Protection Impact Assessment – risk evaluation for high-risk processing.
72-Hour Breach NotificationMandatory timeline to report data breaches to the Agency.
Cross-Border TransferMoving personal data to a jurisdiction outside Somalia.

Why Choose This Course?

This course provides essential knowledge for legal practitioners navigating Somalia’s new data protection landscape.

With the digital economy expanding rapidly, lawyers who understand the 43 articles of the Public Data Protection Act will be in high demand by technology companies, financial institutions, and government agencies.

Gain the competitive edge by mastering breach notification protocols, international data transfer requirements, and the enforcement mechanisms that carry fines up to one million dollars.

Register for This Course

Complete the form below and we will contact you about upcoming sessions.