Law 09-08 Personal Data

Morocco

2009

Privacy

Overview

Law No. 09-08, enacted in 2009, is Morocco's primary legislation governing the protection of personal data. It establishes clear requirements for the collection, processing, storage, and transfer of personal data across both public and private entities.

The law applies to banks, telecommunication providers, healthcare institutions, insurance companies, retailers, and other organizations operating in Morocco that handle personal data. It mandates transparency, explicit consent, security safeguards, and requires prior notification or authorization from the national data protection authority, the CNDP, before processing certain types of data.

Key Obligations

Obtain explicit, informed consent from individuals before processing personal data
Register data processing activities with the Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP)
Apply additional safeguards when processing sensitive personal data
Transfer data abroad only to jurisdictions with adequate protection or with CNDP approval

Allow individuals to access, correct, or object to data use
Implement technical and organizational measures to ensure data security
Maintain data processing records and documentation

FAQ

Related Regulations

Organic Act 2004-63 Personal Data

Law 18-07 Personal Data

PDPL Data Protection Law UAE

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Identity Verification

Use facial match and liveness checks paired with government ID verification to make sure the person holding the document is the person you're onboarding.

One Touch KYC

Simplify the Know Your Customer (KYC) process with AI and sophisticated fraud detection algorithms to provide a seamless, efficient, and highly secure user verification.

MENA API Marketplace

Comprehensive API marketplace for the Middle East and North Africa region, offering localized verification and compliance solutions.