Data protection authorities & supervisory bodies
Last updated: 1 May 2026 · Covers markets where PayBitt supports value-added services (VAS).
Important: This page is provided for transparency and ease of reference. It does not constitute legal advice. Supervisory bodies, names, remits, and complaint procedures may change. PayBitt will engage in good faith with regulators where our processing is subject to local law. Always verify current guidance on the official regulator website. For PayBitt privacy requests, contact privacy@paybitt.com.
1. Purpose
This schedule lists data-protection or privacy supervisory authorities commonly associated with each country where PayBitt currently makes airtime, data, or related VAS capabilities available (aligned with our product configuration). If you believe PayBitt has mishandled personal data and local law entitles you to complain to a regulator, you may use the links or bodies below as a starting point alongside our Privacy Policy and Data Protection Policy.
2. Authority schedule
“Primary supervisory body” describes the institution most often designated under national data-protection frameworks; titles and mandates can evolve. Official websites should be used for forms, fees, and jurisdictional scope.
| Country | Code | Primary supervisory body (indicative) | Notes |
|---|---|---|---|
| Botswana | BW | Botswana Communications Regulatory Authority (BOCRA) — data protection functions under applicable Acts | Verify current complaints process on the official BOCRA portal. |
| Ethiopia | ET | Ethiopian Personal Data Protection Authority (PDPA) | Established under the Personal Data Protection Proclamation; check for operational commencement dates. |
| The Gambia | GM | Personal Data Protection Commission (under Public Utilities Regulatory Authority framework) | Align complaint steps with PURA / PDPC published guidance. |
| Ghana | GH | Data Protection Commission, Ghana | Act 843 regime; registration and complaint routes published by the DPC. |
| Kenya | KE | Office of the Data Protection Commissioner (ODPC) | Complaints and registration under the Data Protection Act, 2019. |
| Liberia | LR | Designated authority under Liberia’s evolving ICT / data framework (e.g. sector regulator or ministry responsible for data protection) | Confirm the competent body for your matter with official government sources. |
| Malawi | MW | MACRA / Personal Data Protection Office (as designated under the Data Protection Act) | Titles may consolidate; use the authority named in the current Act and gazette notices. |
| Namibia | NA | Communications Regulatory Authority of Namibia (CRAN) — data protection oversight where assigned | Cross-check with Ministry of ICT directives. |
| Nigeria | NG | Nigeria Data Protection Commission (NDPC) | NDPA 2023; guidance on filing complaints and Data Protection Organisation (DPO) registration. |
| Rwanda | RW | National Cyber Security Authority / data protection supervisory functions under national law | Rwanda’s legal framework may assign specific complaint handling—follow official NCSA guidance. |
| Sierra Leone | SL | Designated data protection authority under national cybercrime / data laws | Confirm the current body with the Ministry of Information or regulator notices. |
| South Africa | ZA | Information Regulator (South Africa) | POPIA complaints and PAIA processes are published by the Regulator. |
| South Sudan | SS | National authority responsible for telecommunications / data protection under applicable legislation | Frameworks may be developing; verify with official government sources. |
| Tanzania | TZ | Personal Data Protection Commission (PDPC Tanzania) as established under the Personal Data Protection Act | Monitor commission commencement notices and complaint forms. |
| Uganda | UG | Personal Data Protection Office (PDPO), NITA-U | Data Protection and Privacy Act, 2019 implementation guidance applies. |
| Zambia | ZM | Data Protection Commission of Zambia | Refer to the Data Protection Act, 2021 and commission publications. |
| Zimbabwe | ZW | Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) — where data protection functions are assigned | Cross-check with the Cyber and Data Protection Act implementing instruments. |
3. Cooperation with regulators
Where PayBitt processes personal data subject to a country’s laws, we: (a) maintain records of processing as appropriate; (b) respond to lawful regulatory enquiries and information requests; (c) notify regulators where required by law in the event of a personal data breach; and (d) support customers and partners in meeting their own regulatory duties, within the scope of our role as a technology and payment service provider.
4. Contact PayBitt first
We encourage you to contact privacy@paybitt.com before escalating to a supervisory authority so we can investigate and, where appropriate, remediate. This does not affect your statutory rights.