Law 09-08 Personal Data
Morocco
2009
Privacy
Overview
Law No. 09-08, enacted in 2009, is Morocco's primary legislation governing the protection of personal data. It establishes clear requirements for the collection, processing, storage, and transfer of personal data across both public and private entities.The law applies to banks, telecommunication providers, healthcare institutions, insurance companies, retailers, and other organizations operating in Morocco that handle personal data. It mandates transparency, explicit consent, security safeguards, and requires prior notification or authorization from the national data protection authority, the CNDP, before processing certain types of data.
Key Obligations
- Obtain explicit, informed consent from individuals before processing personal data
- Register data processing activities with the Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP)
- Apply additional safeguards when processing sensitive personal data
- Transfer data abroad only to jurisdictions with adequate protection or with CNDP approval
- Allow individuals to access, correct, or object to data use
- Implement technical and organizational measures to ensure data security
- Maintain data processing records and documentation
FAQ
Related Regulations
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Identity Verification
Use facial match and liveness checks paired with government ID verification to make sure the person holding the document is the person you're onboarding.
One Touch KYC
Simplify the Know Your Customer (KYC) process with AI and sophisticated fraud detection algorithms to provide a seamless, efficient, and highly secure user verification.
MENA API Marketplace
Comprehensive API marketplace for the Middle East and North Africa region, offering localized verification and compliance solutions.