date protection

 Data Protection Act 2017

At Crow SG we believe that everyone has the right to the protection of their private life, of which personal data forms an integral part. The right to privacy is expressly provided for in the Constitution of Mauritius and in the Mauritian Civil Code. The Data Protection Act 2017 (DPA) came into force on 15 January 2018 and supersedes the earlier 2004 law.


The formulation of DPA is a response to the requirement of public security, transparent business practices, efficiency in administration, economic development, and growth in technology. The said regulation is seeking to strike a balance between the interests of businesses, the Government, and the fundamental right to privacy of individuals. It seeks to bring Mauritius’ data protection framework in line with international standards, namely the EU General Data Protection Regulation (GDPR).


The DPA is enforced by the Mauritius Data Protection Office (DPO), a public office under the aegis of the Ministry of Technology, Communication, and Innovation.


The DPO is completely independent and is not subject to the control or direction of any other person or authority in the discharge of its functions. The head of the DPO is the Data Protection Commissioner (Commissioner)