Mbeya. Tanzania’s Personal Data Protection Commission (PDPC) has announced that it will begin nationwide compliance inspections in April, targeting institutions that have failed to register and appoint Data Protection Officers (DPOs) as required by law.
Speaking in Mbeya on February 11 during the opening of a seminar for Data Protection Officers, the Commission’s Director General, Dr Emanuel Mkilia, warned that failure to comply with the Personal Data Protection Act, Chapter 44, puts citizens’ privacy, security and fundamental rights at risk.
“Failure to implement the requirements of this law is not a minor oversight. It endangers the privacy, security and rights of our people,” said Dr Mkilia.
“The Commission is now prepared to conduct compliance inspections, monitor the implementation of registration and appointment directives for Data Protection Officers, and take legal action where violations are identified.” He said the inspections are scheduled to begin on April 9 this year.
The move signals a decisive shift from awareness-raising to enforcement, placing Data Protection Officers at the centre of Tanzania’s efforts to safeguard personal information in both public and private institutions.
Dr Mkilia stressed that the ongoing training sessions are designed to strengthen institutional capacity to implement the law effectively. The seminars bring together representatives from government bodies and private organisations to ensure that the collection, processing, storage and use of personal data comply with legal and professional standards.
“Our goal is to see practical change within institutions,” he said. “We expect stronger internal control systems, greater accountability, and a reduction in incidents that violate privacy or compromise the security of citizens’ data.”
Under the law, Data Protection Officers are responsible for ensuring that institutions handle personal information lawfully and transparently.
They serve as internal watchdogs, advising management on compliance, identifying risks and preventing data breaches that could harm individuals or expose organisations to legal penalties. Opening the seminar, Mbeya Regional Commissioner Beno Malisa called for tough penalties against those who profit from the misuse of personal data.
“We want to hear about strict penalties, not leniency,” said Mr Malisa. “There are people who have turned the sale of other people’s private content into a business. This is unacceptable. Legal action must be taken against those involved.”
Participants at the seminar welcomed the initiative, saying it would help close knowledge gaps and reduce vulnerabilities within institutions.
Adelin Kakoko, one of the trainees, said the training would enhance understanding of legal obligations among public and private sector employees.
“We have already improved our awareness of how to handle personal data in line with the law, procedures and regulations,” she said. “But this training will deepen our knowledge and help us eliminate loopholes that allow data leaks.”
Another participant, Ipyana Jengela, said the seminar would boost efficiency in carrying out their responsibilities.
“We expect to learn more so that we can improve our effectiveness and help our institutions achieve their goals in line with regulations and guidelines,” he said. “These trainings are very important to us.”
As Tanzania accelerates its digital transformation, the effectiveness of Data Protection Officers may well determine whether citizens’ personal information remains secure — or becomes increasingly vulnerable in an interconnected age.
