CNDP Leaflet PDF: Law 09-08 Personal Data Protection in Morocco
Download the official CNDP leaflet on personal data protection in Morocco. Law 09-08, data subjects' rights, business obligations, and penalties.
Official CNDP Leaflet
This leaflet, published by the Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP), provides a concise overview of the legal framework for personal data protection in Morocco as established by Law 09-08.
Document Contents
The leaflet covers the following topics:
- About the CNDP: composition (7 members appointed by His Majesty the King), missions, and powers
- Scope of Law 09-08: processing of personal data on Moroccan territory
- Key definitions: personal data, sensitive data, data controller, data subject
- Data subjects’ rights: consent, information, access, rectification, objection
- Data controller obligations: legitimate purpose, proportionality, data quality, retention periods, security
- Prior formalities: declaration (non-sensitive data), authorization (sensitive data, CIN, interconnection, international transfer)
- CNDP actions: receiving complaints, investigations, sanctioning powers
- Penalties: administrative, financial, and criminal
Who Is This Document For?
This leaflet is intended for any business or organization that processes personal data in Morocco: executives, legal officers, IT managers, and Data Protection Officers (DPOs).
Upsilon Consulting Support
Want to go beyond reading and bring your business into compliance? Upsilon Consulting offers a comprehensive CNDP compliance assistance service: audit, declarations, prior authorizations, and ongoing support.
Contact us for a free CNDP compliance assessment.