Are Universities Compliant? A Study of Tanzania’s Personal Data Protection Act in Higher Learning Institutions
DOI:
https://doi.org/10.61538/afjlp.v1i2.1791Keywords:
Compliance, Personal Data Protection Law, Higher Learning Institutions, Tanzania, Data Controller.Abstract
In November 2022, the United Republic of Tanzania enacted the Personal Data Protection Law (PDPA). It established a comprehensive framework for the processing of personal data. The Act has a significant impact on higher learning institutions, which are custodians of vast amounts of personal data from students, staff, and other stakeholders. The law designates the institutions as data controllers and processors, and they are obligated to process personal data in accordance with the provisions of the Act. This article examines the compliance of higher learning institutions with the Act. Employing a doctrinal legal research approach, the article assesses Universities’ compliance with the PDPA and its regulations. The findings indicate that, although the PDPA has been in place for more than two years, the compliance rate remains extremely low among higher learning institutions. This is due to a lack of data protection policies in universities and awareness training, as well as the absence of data protection officers. The article recommends that Universities appoint data protection officers and register with the Data Protection Commissioner as data controllers, which demonstrates compliance. In addition, the universities must ensure that personal data is processed in accordance with the Act and that their data protection policies and procedures are regularly updated to maintain ongoing compliance.Downloads
Published
2025-09-23
Issue
Section
Articles
