Moroccan Data Protection Authority Tightens Control, Sets End of May Deadline for Compliance

Morocco’s National Commission for the Protection of Personal Data (CNDP) is stepping up its efforts to ensure that institutions comply with Law No. 08-09 on personal data protection.

Official sources report that the CNDP has recently sent notices to several non-compliant companies, outlining the necessary steps for legal alignment and offering guidance tools to assist in the process.

The letters clearly warn of potential legal sanctions for continued violations, especially with the deadline for compliance set for the end of May.

The CNDP stresses the obligation to declare all personal data processing activities and to designate responsible data officers within each organization. Obtaining the required authorizations is also mandatory before the deadline.

This move reflects a strong national commitment to protecting individuals’ privacy and strengthening trust in the digital landscape, especially as digital transformation accelerates across the country.