African governments are increasingly acknowledging the need for legislation and investment in data and privacy protection since approximately 600 million people across Africa use the internet these days.

According to the non-profit advocacy group Internet Society, over 17 African countries have implemented comprehensive personal data privacy legislation.

In addition, the United Nations Conference on Trade and Development found that as of the year 2021, a total of 33 countries have enacted legislation that ensures the protection of personal data and privacy.

The Minister of Communications and the Digital Economy of Nigeria, Isa Pantami, made his statement at the 2023 Global Data Privacy Week in Abuja; he noted that the Nigeria Data Protection Bureau (NDPB) had made significant investments in personnel in order to develop competency. “The NDPB has created many jobs that the value as at today amounts to N5.5 billion ($12 million),” he said.

Also, 10 African countries passed data and privacy protection laws between 2019 and 2022.

Read also: 8 Best VPNs In Nigeria 2022: Speed, Streaming & Privacy 

Many countries now implement the data privacy policy

In November 2022, Tanzania became the latest African country to pass the Personal Data Protection Law and subsequently established its Data Protection Commission.

Botswana, South Africa, Kenya, Rwanda, Nigeria, Uganda, Togo and Ghana have been front-runners in legislating pro-data and privacy protection policies.

Beyond efforts at the individual country’s levels, regional economic blocs have policies that safeguard data and privacy protection.

The Southern African Development Community (SADC) modelled the SADC Model Law on Data Protection in 2010, which it adopted in 2013.

ECOWAS Supplementary Act A/SA.1/01/10 on Personal Data Protection (2010) and EAC Framework for Cyber laws (2008) are some regional bloc-level policies targeting data and privacy protection.

Despite the developments in legislation, Brandon Muller, Kaspersky tech expert and consultant African region, highlights the many areas African countries can improve on, especially in averting industrial cybersecurity.

According to Muller, 40% of industrial control system (ICS) computers globally were attacked with malware in 2022, with Kaspersky projecting 47% of the cases will occur in Africa.

Industrial control systems involving manufacturing, processing, product handling, production and distribution are the basis of economic growth.

Kaspersky lists Ethiopia (62%), Algeria (59%), and Burundi (57%) as having experienced the highest number of malware attacks on their industrial control systems last year.

Others listed include Rwanda (46%), Kenya (41%), Nigeria and Zimbabwe (40%), Ghana (39%), Zambia (38%) and South Africa and Uganda (36%).

However, these countries are actively improving efforts to elevate their data protection systems.

Ethiopia is currently in the advanced stages of legislating the Data Protection Proclamation, which will establish a Personal Data Protection Commission.

Algeria’s Law No. 18-07 was recently passed and established the legal framework for collecting, processing, using, and disclosing personal data concerning data processing activities.

With some listed countries recording relatively high vulnerability rates, more laws and policies are needed to ensure safe digital browsing.

Scotland publishes first Biometric Data for Code of Practice

A secure system will prevent vulnerability to cyberattacks

Muller emphasises the importance of employing anti-malware programs and safe practices in order to guarantee long-term security.

According to Muller, all that is required for cybercriminals to overcome the layer and access an isolated ICS network is one spear-phishing email or a malicious USB drive.

Muller explains that “human error still plays a significant role in compromising ICS systems.” despite the fact that certain virus sources remain complicated, particularly in advanced systems.

On the other hand, Africa is making a concerted effort, in general, to confine itself to the parameters outlined in the African Union Convention on Cyber Security and the Protection of Personal Data.

In a report published in 2018 under the title “Personal Data Protection Guidelines for Africa,” the African Union and Internet Security make several recommendations regarding the establishment of trust, the protection of privacy, and the responsible use of personal data, as well as the commitment and actions of individual governments and multi-sectoral approaches.