Organic Act 2004-63 Personal Data

Tunisia

2004

Privacy

Overview

Organic Act No. 2004-63 is Tunisia's primary data protection law, enacted in 2004 to regulate the collection, use, storage, and transfer of personal data. It protects individual privacy and applies to both the public and private sector.

The law covers a wide range of entities including banks, insurance companies, telecom operators, healthcare providers, e-commerce platforms, and other organizations that handle personal data in Tunisia. It requires explicit consent, places restrictions on sensitive data, and mandates that all processing be reported to the national authority, INPDP.

Key Obligations

Obtain explicit consent from individuals before collecting or processing personal data
Avoid processing sensitive personal data unless authorized by the INPDP
Notify the INPDP before beginning any personal data processing activity
Limit data collection to legitimate, declared purposes

Ensure data confidentiality, integrity, and accuracy
Prohibit cross-border transfers unless the recipient country ensures adequate protection
Provide individuals with rights to access, correct, and object to data processing

FAQ

Related Regulations

Law 09-08 Personal Data

Law 18-07 Personal Data

PDPL Data Protection Law UAE

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Identity Verification

Use facial match and liveness checks paired with government ID verification to make sure the person holding the document is the person you're onboarding.

MENA API Marketplace

Comprehensive API marketplace for the Middle East and North Africa region, offering localized verification and compliance solutions.

AML Screening

Comprehensive Anti-Money Laundering screening solutions to detect and prevent financial crimes through advanced monitoring and compliance tools.