Overview

Data protection in the Republic of Seychelles is governed by the Data Protection Act, 2023, which came into effect following its passage in December 2023. The Act modernises the legal framework for privacy and personal data protection, replacing the earlier Data Protection Act and setting out contemporary standards for how personal information must be handled.

The purpose of this legislation is to safeguard the privacy rights of individuals, regulate the collection and processing of personal data, and strengthen trust in the use of digital and electronic information across public and private sectors.

Who Oversees Data Protection?

The Information Commission is the statutory body responsible for implementing, monitoring, and enforcing the provisions of the Data Protection Act, 2023. As an independent oversight body, the Commission supports compliance with the law and promotes best practices in data protection across organisations and public authorities.

Key Principles of the Data Protection Act, 2023

Under the Act, personal data must be:

  • Collected fairly and lawfully, with transparency about its use.
  • Processed only for legitimate purposes and not further processed in ways that are incompatible with those original purposes.
  • Adequate, relevant and limited to what is necessary for the intended purpose.
  • Accurate and kept up to date where required.
  • Kept secure and protected against unauthorised access or disclosure.
  • Retained no longer than necessary and disposed of securely.

The law also provides data subjects with rights including access to their information, the ability to rectify incorrect data, and, in certain circumstances, the right to erasure.

Scope and Applicability

The Act applies to all organisations and public bodies operating in Seychelles that collect, store, or process personal data, as well as foreign entities that process data related to individuals in Seychelles in certain circumstances. Explicit consent is required in many cases before personal data is processed.

Organisations are expected to adopt appropriate policies and technical safeguards to uphold these principles and to respect the privacy of individuals at every stage.

Enforcement and Compliance

The Information Commission has powers to:

  • Investigate complaints and data breaches.
  • Conduct audits and compliance reviews.
  • Issue enforcement notices requiring corrective action.
  • Impose administrative fines for contraventions of the Act where appropriate.

The Commission also provides education and outreach to promote awareness of data protection rights and obligations.

Your Rights as an Individual

Under the Act, you have the right to:

  • Know what personal data is held about you.
  • Request correction of inaccurate or incomplete data.
  • Ask for deletion or restriction of processing in specific cases.
  • Withdraw consent where data processing is based on consent.

Lodge a complaint with the Information Commission if your rights are not respected.

Data Protection Enquiries

Personal Data, Privacy and Data Protection Matters

For all enquiries relating to data protection, including personal data rights, compliance with the Data Protection Act, data breaches, or designation of Data Protection Officers, please contact:

Name: Ms Mina Accouche

Post title: Information Analyst 

Email address: maccouche@infocom.sc

Telephone No: (+248) 4303188