Data & Privacy · Angola
Data protection & privacy law in Angola (2026)
Angola shaded by its data & privacy status
Data protection in Angola: comprehensive law, under Lei n.º 22/11 de 17 de Junho (Lei de Proteção de Dados Pessoais, LPDP), enforced by the Agência de Proteção de Dados (APD).
Angola enacted a comprehensive Personal Data Protection Law (Law No. 22/11) in June 2011, establishing an omnibus regime covering automated and non-automated processing of personal data by public and private entities operating under Angolan jurisdiction. The supervisory authority, the Agência de Proteção de Dados (APD), became operational in October 2019 and has been actively issuing fines since 2024. A draft revision of Law 22/11 underwent public consultation in early 2025 to modernise the framework and address AI-related privacy challenges.
Key points
Law No. 22/11 of 17 June 2011 is the omnibus data protection statute. It applies to all natural and legal persons, public, private, and cooperative, processing personal data in Angola or using equipment subject to Angolan law.
The Agência de Proteção de Dados (APD), headquartered in Luanda, is the independent authority responsible for monitoring compliance, conducting inspections, and imposing sanctions. It became operational in October 2019 under Presidential Decree No. 214/16.
Controllers must obtain express consent from data subjects and notify the APD before processing. Processing must comply with principles of transparency, lawfulness, proportionality, purpose limitation, accuracy, and storage limitation. Cross-border transfers require APD authorisation.
Individuals hold rights of access, rectification, and erasure of their personal data. The law also grants the right to object to processing in certain circumstances.
The APD imposed fines on multiple organisations: USD 150,000 on MAXAM for unlawful cross-border transfer to the UK (2024); USD 75,000 on Banco Comercial do Huambo for inadequate security measures (2024); and USD 175,000 on airline TAAG plus USD 75,000 on Banco de Desenvolvimento de Angola (BDA) for security failures (2025).
The APD submitted a draft revision of Law No. 22/11 for public consultation from 17 March to 17 April 2025. The revision aims to modernise the framework for AI and emerging technologies; formal legislative adoption was pending as of mid-2025.
Timeline - major decisions & events
Angola's parliament voted 105-1 (75 abstentions) to approve the draft Cybersecurity Law, establishing a National Cybersecurity Centre (CNC) as the central regulatory, supervisory, and sanctioning authority; a final vote is still required before enactment.
AMAN/Lusa – Business News ↗Angola's data protection regulator launched a 30-day public consultation (17 March, 17 April 2025) on a comprehensive overhaul of the 2011 data protection law, the first formal attempt to modernise the framework and align it with contemporary international standards.
CMS Expert Guide – Angola ↗Angola's Ministry of Telecommunications opened public consultation (closing 30 April 2025) on three complementary bills: a Cybersecurity Law, a Presidential Decree adopting a National Cybersecurity Strategy, and a Law on the Dissemination of False Information on the Internet, collectively reshaping Angola's digital governance landscape.
Further Africa ↗The APD issued its first standalone breach-notification circular, requiring all public and private entities to immediately report personal data breaches to the agency with minimum prescribed content (nature, consequences, and remediation measures), significantly tightening enforcement expectations.
PLMJ – Informative Notes ↗By Deliberations 004/2024 and 005/2024, the APD fined MAXAM USD 150,000 for unlawful data transfer to the UK and failure to notify; BCH USD 75,000 for inadequate technical measures following a cyberattack; and COSAL USD 75,000 for a September 2023 ransomware incident, demonstrating a sustained rise in enforcement activity.
RAPDP – Angola Enforcement Decisions ↗Eight years after Law 22/11 was enacted, the APD finally became operationally active when its board, nominated by Presidential Decree 277/2019 (6 September 2019), assumed office, marking the true start of data-protection oversight in Angola.
Data Protection Africa – Angola Factsheet (Sep 2019) ↗Angola's National Assembly enacted its foundational data protection law, modelled on EU/Portuguese frameworks, establishing processing principles (transparency, proportionality, purpose limitation), data-subject rights (access, rectification, erasure, objection, anti-automated-decision), mandatory database registration with the APD, and criminal/civil penalties up to USD 150,000.
RAPDP – Law 22/11 Full Text ↗Angola's post-civil-war Constitution (adopted 5 February 2010) established the constitutional bedrock for data privacy: Article 32 guarantees the right to privacy and intimacy of private life, and Article 34 protects confidentiality of communications, the foundation upon which all subsequent data-protection legislation rests.
Constitute Project – Angola Constitution 2010 ↗Angola - other topics
Data & Privacy in other countries
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →