In 2014, African Union (AU) Member States adopted the African Union Convention on Cyber Security and Personal Data Protection. The adoption and subsequent ratification of the Convention on CSPD by most Member States sets a strong objective of African action on cybersecurity and personal data protection to deliver benefits to Africa. To facilitate the implementation of the Legal Framework for Cyber Security and Personal Data Protection (CSPDP) African Union Development Agency (AUDA–NEPAD) has developed the standard operating procedures to assist in the implementation, specifically on the Personal Data Protections (PDP).

The standard operating procedure lay down rules relating to the protection of natural persons about the processing of personal data and rules relating to the free movement of personal data. The SOP guides individuals on how to take a more active role in the protection of their personal data, while recognising the responsibility of AUDA – NEPAD for a positive outcome in the protection of personal data.

Privacy and Personal Data Protection is a broad and ever-changing domain; the SOP is not an end-state they are a blueprint for an evolving practice as new circumstances and requirements emerge. The SOP will be subject to review annually and additionally in response to any changes affecting the basis of the original document. The SOP will also be reviewed to monitor its effectiveness, demonstrated by the nature, number and impact of recorded incidents.