Regulatory Alerts2025-07-02
Circular 18/2025: Data Protection System and Implementing Regulation for Data and Information Protection in the Banking Sector
The Central Bank of Libya issued Circular 18/2025 mandating the implementation of the Data Protection System and its Implementing Regulation for all financial institutions operating in Libya. The framework establishes strict controls for the collection, processing, storage, and transfer of personal, corporate, financial, and credit data, requiring domestic data hosting, advanced encryption, explicit consent mechanisms, and mandatory Privacy Impact Assessments. It designates a Libyan Data Controller within each institution to oversee compliance, mandates biannual training and incident reporting within 24 hours, and imposes a 100,000 Libyan Dinar fine per violation alongside additional regulatory sanctions.
Share