Is there any provision in your country’s law for privacy and data protection?

Is privacy or personal data protection a fundamental right in your country?

Has your country adopted a general legal framework for the protection of personal data? 

Has your country adopted a general legal framework on cybersecurity matters?

How does the law of your jurisdiction define personal data? Can the definition extend to data relating to businesses?

Does your country’s data protection legal framework distinguish between sensitive and non-sensitive data?

Identify the basic principles in force in your country for the processing of personal data. Is there a general limitation for the processing of personal data?

Do special data protection rules apply to certain industries, such as financial services, healthcare and telecommunications? Is the processing of personal data on the internet specifically provided for? 

Are there specific rules for the processing of personal data of minors?

What are the sanctions and remedies for non-compliance with data protection and cybersecurity laws? Is there criminal liability for non-compliance with the data protection and cybersecurity laws?

Does your jurisdiction have an independent authority (or authorities) with responsibility for regulating data protection and cybersecurity? What are the enforcement powers of the authorities?

Is notification or registration required before collecting, processing and transferring personal data? 

What are the main obligations applicable to data controllers to process personal data? 

Is there a specific regime applicable to the processing of personal data on behalf of third parties? 

Is the informed consent of the data subjects required before processing personal data? Are there lawful ways to process personal data without consent?

What types of rights are granted in the law to data subjects over their information? 

What is the general regime for the transfer of personal data abroad? Is there a general restriction on the transfer of personal data out of your country? Is the notification of, and approval of the transfer by, the competent authority necessary?

What data security requirements are imposed in relation to the processing of personal data? 

Is there any legal requirement in your jurisdiction for a data processor to have a data protection officer (DPO)? What are the main roles or responsibilities of the DPO? Can the DPO incur criminal liability for acts and omissions?

Does your jurisdiction require notification to affected individuals or the authority in the event of data security breach? 

Is there any national law, regulation or guidance on the use of cookies in general or the use of tracking technologies?

Is there any national law, regulation or guidance regarding financial technology companies, data protection and cybersecurity?

What requirements are imposed in your jurisdiction regarding "privacy by design", "privacy by default" and privacy impact assessment?

What requirements are imposed in your jurisdiction on the sending of unsolicited electronic commercial communications?

Do any specific requirements apply in your country to cloud computing?

Does your country provide for protection of personal data under the control of government agencies?

Does your country allow the right to access data under the control of government agencies?

Does your country provide for self-regulation?