Tanzania PDPA

Personal Data Protection Act 2022

Tanzania's data protection law requiring mandatory 5-year registration and Minister approval for cross-border transfers.

Jurisdiction

Tanzania

Enacted

Apr 22, 2022

Effective

Jul 1, 2023

Enforcement

Personal Data Protection Commission

Mandatory 5-year registration requirement

Future of Privacy Forum Analysis

Why It Matters

Tanzania's ministerial approval requirement for cross-border transfers creates significant operational friction for cloud-based AI chatbot services.

At a Glance

Applies to

AI CompanionMental Health AppGeneral Chatbot

Requires

Transparency User Rights Data Minimization

Who Must Comply

Data controllers and processors in Tanzania
Entities processing data of Tanzanian residents
Cross-border data transfers from Tanzania

Obligations fall on:

Safety Provisions

Mandatory 5-year data controller/processor registration
Cross-border transfer requires Minister of Information approval
Breach notification required
Data Protection Officer for certain entities
Security safeguards

Compliance & Enforcement

Penalties

criminal liability

Criminal liability

Primary Source

Future of Privacy Forum Analysis

https://fpf.org/blog/tanzanias-personal-information-protection-act-overview-key-takeaways-and-context/

View on map

Tanzania

Focus Areas

General regulation

Cite This

APA

Tanzania. (2022). Personal Data Protection Act 2022.

Related Regulations

In Effect ZM

Zambia DPA

Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.

In Effect BW

Botswana DPA

Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.

In Effect SC

Seychelles DPA

Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.

In Effect RW

First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.

In Effect CN

China CSL Amendments

First major revision of China's foundational Cybersecurity Law since 2017. Introduces formal AI governance provisions, significantly increases penalties, and expands extraterritorial application to all cybersecurity violations.

In Effect US-CA

CA SB 524

Requires law enforcement agencies to disclose when AI is used to write or assist in creating official police reports, maintain audit trails, and preserve AI-generated first drafts.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.