DATA PROTECTION LAWS OF THE WORLD
reached through the adoption of harmonized and
mandatory internal rules on data protection and privacy.
Please note however, that the communication of personal
data to a recipient, a third party or a subcontracted entity
is subject to specific legal conditions and requirements.
SECURITY
SECURITY
The data controller must implement appropriate technical
and organizational measures and to adopt adequate
security levels in order to protect personal data against
accidental or unlawful total or partial destruction,
accidental loss, total or partial alteration, unauthorized
disclosure or access (in particular where the processing
involves the transmission of data over a network) and
against all other unlawful forms of processing.
The data processor must implement adequate technical
and organizational measures to protect personal data
against accidental or unlawful destruction or accidental
loss, alteration, unauthorized disclosure or access, in
particular, where the processing involves the transmission
of data over a network, and against all other unlawful
forms of processing. Such measures must ensure a
security level appropriate to the risks represented by the
personal data processing and the nature of the personal
data, taking into consideration the state of the art and
costs of the measures.
Having regard to the state of the art and the cost of their
implementation, such measures shall ensure a level of
security appropriate to the risks represented by the
processing and the nature of the data to be protected.
Specific security measures shall be adopted regarding
certain type of personal data and purposes (notably,
sensitive data, call recording and video surveillance).
Also, according to Protection of Information Systems and
Networks Law the service providers, operators and
companies offering information society services must: (i)
guarantee the security of any device or set of devices used
on the storage, processing, recovery or transmission of
computer data on execution of a computer programme
and (ii) promote the registration of users as well as the
implementation of technical measures in order to
anticipate, detect and respond to risk situations. The Law
requires an accident and incident management plan in case
of computer emergency.
BREACH NOTIFICATION
BREACH NOTIFICATION
There is no mandatory breach notification under the Data
Protection Law.
None. The Law does not require data processors to notify
either the OPDP or data subjects about any personal data
breach.
However, pursuant to the Electronic Communications and
Information Society Services Law, companies offering
electronic communications services accessible to the
public shall, without undue delay, notify the APD and the
Electronic Communications Authority, Instituto Angolano
das Comunicações, (INACOM) of any breach of security
committed with intent or recklessly that leads to
destruction, loss, partial or total modification or
5 | Data Protection Laws of the World | Angola vs Macau | www.dlapiperdataprotection.com