Detailed Report on Cameroon's Evolving Data Privacy Landscape
Cameroon has taken a bold step toward digital regulation with the introduction of its first dedicated personal data protection law; a move that places the country at the forefront of Africa’s evolving data privacy landscape. In this report, legal experts from NFM Avocats Associés break down the key provisions of Law No. 2024/017, the challenges businesses are likely to face, and what’s needed to comply before the June 2026 deadline. From the creation of a new Data Protection Authority and stricter cross-border transfer rules, to the risk of fines and personal liability for non-compliance, this report provides actionable guidance for any company operating in Cameroon. Whether you're a local firm or part of a multinational group, watch the session to ensure you stay ahead of one of Africa’s
Key Insights and Takeaways
Cameroon’s New Data Protection Law Brings Legal Certainty for Businesses
Cameroon has officially filled a major regulatory gap by enacting Law No. 2024/017, introducing its first standalone data protection framework. This law marks a transformative shift from fragmented, sector-based rules to a unified national approach that aligns with international data privacy standards. For businesses, this provides greater legal certainty and clearer obligations in how they collect, process, store, and transfer personal data.
Strict Compliance Requirements and Penalties Demand Immediate Attention
With an 18-month transition period already underway, companies operating in Cameroon must act now to meet compliance deadlines by June 2026. Key obligations include securing consent, ensuring transparency, protecting data with robust security measures, and gaining approval for cross-border transfers. Non-compliance risks are high; executives could face personal liability, including fines up to 1 billion CFA francs and even prison time.
New Data Authority to Oversee Enforcement and Cross-Border Data Flows
A newly created Personal Data Protection Authority will oversee enforcement and issue authorisations, complaints handling, and cross-border data transfer approvals. While the authority is not yet operational, businesses should prepare for its future role. In the meantime, any transfer of data outside Cameroon must meet stringent conditions, as both senders and recipients can be held jointly liable.
Cameroon’s new data law is in force. Does your business understand the consequences of non-compliance?
