To create requirements for the information protection, countries introduce legislation and regulations in the field of information security at the government and individual authorities level. Such requirements can be conditionally divided into state (required to carry out by all legal entities and/or individuals) and sectoral (regulating the work of individual branches of the economy). In this regard, the Republic of Angola is no exception.
Here the requirements for observing the citizens personal data security are formed and required - Data Protection Law (Law no. 22/11 of 17 June 2011), as well as the BNA (Banco Nacional de Angola) requirements for credit and financial organizations ("representatives of the banking sector") AVISO N.º 082020.
In addition to local laws and regulations, in the case of processing EU members personal data, companies must comply with the GDPR requirements (General Data Protection Regulation). Also, financial institutions when processing payment card data related to the Payment Card Industry Security Standards Council must comply with the PCI DSS standard. The same situation is with the SWIFT payment system, whose members have their own regulatory and technical requirements.
In terms of compliance with the requirements for companies, it is very important to determine the applicable requirements, as well as the shortest ways to implement them. Moreover, some of the requirements of the various applicable legislations overlap, that, if properly analyzed, companies can use to reduce implementation costs.