Regulatory Alerts2025-03-01
Personal Data Protection Policy (PDPC)
The Central Bank of the Republic of Guinea (BCRG) has issued this Personal Data Protection Policy to establish comprehensive legal and operational standards for the collection, processing, retention, and security of personal data across its operations. The policy mandates strict compliance with Guinean cybersecurity laws and ECOWAS regulations, assigning clear responsibilities to the Data Controller, Data Protection Officer, employees, and external processors while guaranteeing data subjects' rights to access, rectification, and erasure. It further enforces transparent data handling practices, mandatory retention periods of at least ten years, and robust security measures for domestic disclosures, cross-border transfers, and breach management.