= Data Protection Act, 2023 =

Infobox
- Short Title: Data Protection Act, 2023
- Legislature: Somalia Parliament
- Long Title: An ACT enacted to create a Data Protection Authority that ensure the safeguarding of individual privacy and personal data by regulating how personal information is collected, accessed, used, and disclosed, and to address related concerns
- Citation: Law 005
- Territorial Extent: The Republic of Somalia
- Enacted By: Federal Parliament of Somalia
- Date Enacted: 2023
- Date Assented: March 23, 2023
- Signed By: President of the Republic of Somalia
- Date Effective: March 23, 2023
- Administered By: Data Protection Authority
- Status: current

The  Data Protection Act also known as DPA or the Act is a national legislation enacted by the Federal Government of Somalia in 2023 to regulate the collection, storage, processing, and transfer of personal data within the country. It aims to safeguard the privacy rights of individuals and to ensure responsible use of personal information in the digital era.

== Background ==
The Data Protection Act (DPA) is grounded in the 2012 Constitution of the Federal Republic of Somalia, which guarantees citizens the right to privacy. To ensure the enforcement of this legislation, the DPA created the Somalia Data Protection Authority (“the Authority”) as the responsible oversight body. The bill was presented to Somalia’s Federal Parliament between February and March 2023. It was officially signed into law by President Hassan Sheikh Mohamud on March 21, 2023, and became effective two days later, on March 23, 2023.

==Structure==
  - Structure of the Somalia Data Protection Act (2023)**

| Heading | Chapters | Articles | Pages |
| Arrangements of Articles | - | - | 2-4 |
| Preliminary Provisions | 1 | 1 - 5 | 5-8 |
| Administration | 2 | 6–12 | 8-13 |
| Principles Governing Processing of Personal Data | 3 | 13-19 | 13–17 |
| Rights of a Data Subject | 4 | 17-18 | 20-23 |
| Data Security and Data Impact Assessments | 5 | 18 -22 | 20-29 |
| Cross-Border Transfers of Personal Data | 6 | 22-25 | 30- 31 |
| Registration and Fees | 7 | 25-26 | 32-35 |
| Enforcement | 8 | 26-28 | 35-40 |
| Miscellaneous | 9 | 28-29 | 41-43 |

== Provisions ==
The Somalia Data Protection Act establishes a legal framework for:

- The rights of individuals (data subjects) over their personal data.
- The obligations of data controllers and processors.
- Lawful grounds for data processing, including consent and public interest.
- Limitations on cross-border data transfer.
- Data breach notification requirements.
- The creation of an independent data protection authority (DPA).

== Data subject rights ==
The Act affirms the rights of individuals over their personal data, including the ability to access, correct, erase, withdraw consent, object to processing, and avoid being subjected to decisions made purely through automated means. It also outlines specific situations where these rights may be limited or not applicable.

== Data protection authority ==
The Act creates a Data Protection Authority tasked with ensuring the effective enforcement of its provisions. This Authority is empowered to develop additional regulations, carry out investigations, and levy penalties. Its key responsibilities include registering significant data controllers and processors, raising awareness about data protection duties, accrediting and licensing compliance organizations, handling complaints related to data misuse, and providing policy advice to the government.
