The Personal Data Protection Commission (PDPC) in Tanzania was established in in 2023 under the Act. The PDPC is an independent body that oversees the implementation and enforcement of the Act. It is responsible for registering data collectors and processors, investigating personal data protection issues, advising the government on personal data protection issues, and adjudicating personal data protection disputes. The establishment of the PDPC marks a significant milestone in Tanzania's personal data protection landscape, showcasing the government's dedication to safeguarding the privacy of its citizens in the digital era


A society where personal data is protected, and individuals can trust that their data will be used fairly and ethically


To protect personal data by promoting and enforcing data protection laws and regulations, and by educating individuals and organizations about data protection best practices

Core Values

1. Integrity: Maintain ethics in the course of discharging our duties and uphold confidentiality

2. Transparency: Convey correct, timely and complete information about our services

3. Cooperation: Establish cooperative mechanisms with other data protection authorities nationally and internationally

4. Adaptability: Stay agile and flexible to adapt to the evolving data processing technologies

5. Accountability: Take responsibility for monitoring compliance, registering data controllers and data processors, and addressing complaints

6. Fairness: Ensure impartiality and justice when investigating alleged violations and taking measures to protect personal data and individual privacy


A: HIV/AIDS and Non-Communicable Diseases (NCD) infections reduced, and health services improved;

B: Effective implementation of the National Anti-Corruption Strategy (NACS) enhanced and sustained;

C: Governance and human resources management enhanced and sustained;

D: Personal data protection regulations and compliance enhanced and sustained;

E: Awareness on personal data protection enhanced and sustained;

F: Collaborations, partnerships and networks enhanced and sustained; and

G: Research and Innovation on personal data protection enhanced and sustained.


Using its statutory powers, the Personal Data Protection Commission is obliged to undergo the following Responsibilities:

  1. Monitor compliance by data controllers and data processors of the provisions of the Act;

  2. Register data controllers and data processors in accordance with the Act;

  3. Receive, investigate and deal with complaints about alleged violations of the protection of personal data and privacy of persons;

  4. Inquire into and take measures against any matter, that appears to the Commission to affect the protection of personal data and infringe privacy of the individuals;

  5. Educate the public as may be appropriate to the implementation of objectives of the Act;

  6. Undertake research and to monitor technological developments in data processing; and

  7. Establish mechanisms of cooperation with other data protection authorities from other countries, and advise the Government on related matters.