Since the enactment of the Data Protection Act (the DPA) in 2019, and the establishment of the Office of the Data Protection Commissioner in 2020, the issuance of regulations necessary to give effect to many of the provisions contained in the DPA has long been awaited. This changed on 11 February 2022 when the regulations came into force, including the Data Protection (General) Regulations, 2021 (General Regulations), the Data Protection (Complaints Handling and Enforcement Procedures) Regulations, 2021, and the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021.

In the first instalment of a continuing series of articles analysing these regulations, we examine the General Regulations, which provide for the various instances which trigger obligations for data controllers and data processors to data subjects.

Additionally, the General Regulations provide for restrictions on the use of personal data for commercial purposes as well as provide for exemptions under the DPA, which include data processing in relation to national security and public interest.

For individuals and corporates alike, the General Regulations serve to clarify some of the more procedural aspects of the aspirations contained in the DPA, such as how the right to privacy should be maintained in commercial activities.

Click here to read the full article focused on the General Regulations.


1. Charlotte Patrick-Patel – Senior Associate
2. Jade Makory – Associate
3. Abdulmalik Sugow – Trainee Lawyer
4. Abdullahi Ali – Trainee Lawyer
5. Olivia Njoroge – Trainee Lawyer

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.