Law No. 2024/017 · Personal data protection
The June 23 deadline has passed. Is your business exposed?
Law No. 2024/017 on personal data protection is in force, and the Article 73 compliance window has expired. Criminal fines can reach 1 billion FCFA for companies — and the individuals responsible face up to 10 years' imprisonment.
Most Cameroonian businesses don't yet know whether they comply. Finding out takes one week.
If your business collects any information about people — customers, employees, patients, subscribers — this law applies to you. It requires explicit consent before any processing, a register of your processing activities, documented security measures, and procedures to answer requests from the people whose data you hold.
And here is what most businesses don't realize: if you use Microsoft 365, Google Workspace, or WhatsApp Business, your data already leaves Cameroon. The law makes these transfers subject to prior authorization from the Authority — an unauthorized transfer carries fines of 10 to 100 million FCFA, with criminal sanctions where the destination country does not guarantee equivalent protection. The tool your team opens every morning may be your first compliance gap.
The law already requires continuous monitoring of your security measures and an annual report (Article 27). Businesses that organize now will turn that obligation into a formality. The others will discover it as an inspection.
That is exactly why we built the SANAGATEK Compliance Diagnostic: a structured assessment of your position against Law 2024/017, delivered in one week, at a fixed price, by a certified operator from your own city — with the rigor of a methodology adapted from US security-evaluation standards to Cameroonian law.
The six domains of the law
What you receive in 7 days
Your exposure classification
Level 1, 2, or 3 across every domain of the law: consent, records, security, transfers, processors, incidents.
A bilingual report
French/English — ready for your board, your bank, or your foreign partners.
A costed roadmap
What to fix, in what order, at what cost.
Legal routing
Findings with legal implications are routed to licensed avocats for formal opinion. Our deliverables are technical and operational; legal opinions come exclusively from licensed counsel.
Full diagnostic: fixed price, quoted within 24 hours — known before any commitment, no surprises. Payable by mobile money or bank transfer.
And after the diagnostic? Your choice. Fix things yourself using the roadmap. Have us deliver the remediation (register, notices, consent flows, procedures — turnkey). Or move to Continuous Protection: we maintain your register, prepare your annual Authority reports, and monitor your systems — for a predictable monthly fee.
Every week of waiting is a week of exposure.
Start my diagnostic →Frequently asked questions
Does the law really apply to an SME like mine?
Yes. The law sets no size threshold. If you process data about people located in Cameroon — a customer file is enough — you are covered.
The Authority isn't operational yet. Why act now?
Three reasons. The law is in force and its application is not suspended while the Authority is being set up — the courts remain competent. Your partners — banks, insurers, foreign counterparties — are starting to require proof of compliance in contracts. And getting compliant takes weeks: waiting for the first inspection means choosing to face it unprepared.
Is using WhatsApp Business or Microsoft 365 forbidden?
No — but these tools transfer data outside Cameroon, which the law strictly regulates. The diagnostic maps these flows precisely, and the roadmap shows you how to bring them into line.
What happens if the diagnostic uncovers serious gaps?
That is exactly what it's for. You receive a prioritized action plan — and findings with legal implications are routed to licensed avocats. Discovering a gap in a confidential report is infinitely better than discovering it in a sanction notice.
How much does the diagnostic cost?
A fixed price, quoted within 24 hours of your request — known before any commitment, no surprises. Payable by mobile money or bank transfer.
Who performs the diagnostic?
A SANAGATEK certified operator from your own city, trained on our methodology and supervised by our team, backed by CISSP-certified consultants in the United States. Local in the relationship, international in the standard.
Can the report serve as proof of compliance?
The report documents your position and your progress — which is precisely what banks and partners ask for. For a formal, opposable legal opinion, a licensed avocat can complete the report with a legal annex.
How fast can I be compliant?
The diagnostic takes one week. Core remediation (register, consent flows, notices, procedures) typically takes four to eight weeks depending on your situation. The diagnostic gives you the exact timeline.
General information — not legal advice. Advisory pre-audit diagnostic, not an official audit.