African Union Legal Instrument
3.
4.
P a g e | 19
f)
Speedily informing the judicial authority of certain types of offences that
have come to their attention;
g)
Undertaking the audit of all processed personal data, through its officials or
sworn officials;
h)
Imposing administrative and monetary sanctions on data controllers;
i)
Updating a processed personal data directory that is accessible to the
public;
j)
Advising persons and bodies engaged in personal data processing or in
carrying out tests and experiments likely to result in data processing;
k)
Authorizing trans-border transfer of personal data;
l)
Making suggestions that could simplify and improve legislative and
regulatory frameworks for data processing;
m)
Establishing mechanisms for cooperation with the personal data protection
authorities of third countries;
n)
Participating in international negotiations on personal data protection;
o)
Preparing an activity report in accordance with a well-defined periodicity, for
submission to the appropriate authorities of the State Party.
The national protection authorities may decide on the following measures:
a)
Issuance of warning to any data controller that fails to comply with the
obligations resulting from this Convention;
b)
An official warning letter to stop such breaches within a timeframe set by the
authority.
Where the data controller fails to comply with the official warning letter addressed
to him/her, the national protection authority may impose the following sanctions
after adversary proceedings:
a)
b)
c)
Temporary withdrawal of the authorization granted;
Permanent withdrawal of the authorization;
Monetary fine.