Cameroon's new data protection law (Law No. 2024/017) is a pivotal piece of legislation that aligns the country with international standards such as the GDPR. A compliant privacy policy must be tailored to these specific requirements.
Key Components:
Explicit Consent: The policy will explicitly state that personal data will only be collected with the user's explicit and informed consent. This consent must be freely given, specific, and revocable at any time.
Data Subject Rights: The policy will inform users of their comprehensive rights under Cameroon's law. These include the right to be informed of data processing activities, the right to access and rectify their data, the right to object to processing, the right to erasure (the "right to be forgotten"), and the right to data portability.
Data Breach Notification: In a unique provision compared to many international laws, Cameroon’s law requires that both the data protection authority and the affected user be notified immediately upon becoming aware of any data breach, regardless of severity. The policy will explicitly state this commitment to transparency.
Purpose of Collection: The policy will clearly define the types of personal information collected (e.g., name, email address) and the specific, stated purposes for which it is used (e.g., account creation, course tracking, communication).
Cross-Border Data Transfer: The policy will address the strict conditions on transferring personal data to other countries, ensuring that any such transfers are conducted in a manner compliant with the law and authorized by the data protection authority.
