Male hospital employee in suit and tie standing and smiling at male coworker (in foreground).

Navigating your way to the Cloud
Mauritius

A Journey of Digital Transformation
An Interactive Guide for Legal and Compliance Professionals

INTRODUCTION TO CLOUD IN MAURITIUS

The ICT sector is a key sector in Mauritius. Vision 20301 aims to transform Mauritius from a cyber island into a smart island. The Mauritian government2 sees the ICT sector as a key facilitator for achieving national economic growth plus wealth and employment creation.

Digital transformation is about reimagining how you bring together people, data, and processes to create value for your customers and maintain a competitive advantage in a digital-first world. Mauritius is experiencing digital transformation everywhere, including in the healthcare space, manufacturing and resources, education, retail and consumer goods and also agriculture. With improving connectivity, Mauritius is witnessing a rise in smartphone use and the global connection of devices. Businesses and institutions across all sectors are reassessing their technology strategies to better engage their customers, empower their employees, optimize their operations and transform their products and services.

The Mauritian government recognizes that technology can play a key role in building an all-inclusive information society.3 At Microsoft, we agree. We believe that hyper-scale cloud services, in particular, can play a pivotal role in helping Mauritius unlock its key socio-economic objectives while ensuring a safer, more secure and more effective environment, which adheres to accepted international technical standards.

Many have already realised the obvious benefits of cloud services, including efficiencies, cost savings, cyber-resilience and secure access. Increasingly, those looking to future-proof their business are also recognizing that to fully harness the potential of technologies like artificial intelligence, machine learning, Internet of Things and augmented or virtual reality, they will likely need to rely on the hyper-scale cloud and the scalability it can offer. Use of cloud services can also provide a competitive edge.

All clouds are not created equal. As more Mauritian individuals and business organizations turn to cloud driven technologies, the selection of a trusted cloud service provider with a long history of delivering on privacy and security commitments in a compliant and transparent manner, now more than ever, is a critical part of the cloud journey for any customer. In a time when technology is changing almost every aspect of our lives, and the change is also causing disruption and uncertainty, Microsoft continues to draw from its past as we seek the right answers to questions about how best to realize opportunities ahead and create a trusted, responsible, and inclusive cloud.

Microsoft has been at the forefront of the cloud technology revolution in Mauritius and provides its customers with state of the art cloud services. Its solutions such as Microsoft Azure, Office 365 and Microsoft Dynamics 365 power many different customers across the MEA region, including SMEs, large global corporates, public sector and non-profit organizations.

In addition, Microsoft will soon deliver the intelligent Microsoft Cloud for the first time from data centres located in South Africa. The new cloud regions will offer enterprise-grade reliability and performance to help enable the tremendous opportunity for economic growth and increase access to cloud and internet services for organizations and people across the African continent. This new investment is a recognition of the enormous opportunity for digital transformation in Africa and is a major milestone in the company’s mission to empower every person and every organization on the planet to achieve more in a safe, secure and legally compliant manner.

THE REGULATORY LANDSCAPE

  • Cloud-based services adoption in Mauritius has, as in many other countries, been accompanied by concerns about regulatory compliance. These concerns focused, in particular, on the ability of cloud service providers to ensure a high level of security and privacy compliance. That is changing as organizations understand they can move to the cloud in a way that meets and often exceeds all their security and privacy requirements. In the banking sector, the Bank of Mauritius, the regulator, has set down guidelines to enable financial institutions to tap into the benefits which cloud computing provides. End-users recognize that cloud solutions from leading providers such as Microsoft are able to offer levels of security and privacy compliance that can exceed those available via in-house solutions of even the most sophisticated organizations.

    At Microsoft, we welcome these positive developments. We are pleased to have already participated in a large number of compliance conversations with customers and regulators across sectors in the region. Through these conversations, we have developed a broad range of materials to help our customers in Mauritius move to the cloud in a way that meets their regulatory requirements and stay at the forefront of compliance, so that our customers can be confident that their use of Microsoft cloud services meets the necessary requirements.

  • There is no specific uniform law or regulation which regulates cloud computing in Mauritius. There are however sector-specific laws and guidelines which may apply, including those which regulate the use of cloud-based services by financial institutions in the banking sector.

    Microsoft is proud to confirm that it meets regulatory and compliance requirements for use of the cloud in some of the most highly regulated industries across the globe, and can help you to achieve compliance with the regulatory and compliance requirements applicable in your sector.

    • Data privacy law is principally governed by the Civil Code and the Data Protection Act No. 20 of 2017 ("DPA") which is largely based on the EU General Data Protection Regulations.

      The DPA requires customers who are data controllers to have a written agreement with their cloud service providers which must address privacy and security issues relating to use of the cloud-based services – in particular, to ensure appropriate security and organizational measures for the prevention of unauthorized access to, alteration of, disclosure of, accidental loss, and destruction of data.

      The data controller (customer) should also ensure that the measures taken provide a level of security appropriate to the harm that might result from the unauthorized access to, alteration of, disclosure of, destruction of the data and its accidental loss and the nature of the data concerned. In determining the appropriate security and organizational measures (particularly where the processing involves the transmission of data over an information and communication network) the data controller (customer) must have regard to (a) the state of technological development available, (b) the cost of implementing any of the security measures, (c) the special risks that exist in the processing of the data, and (d) the nature of the data being processed.

      The Data Protection Commissioner ("Commissioner") is vested with the statutory power to carry out periodic audits of the systems of data controllers and data processors to ensure compliance with data protection principles. Where the Commissioner is of the opinion that the processing or transfer of data by a data controller or data processor entails specific risks to the privacy rights of data subjects, she may inspect and assess the security measures taken prior to the beginning of the processing or transfer.

    • The Corporate Governance Code ("Code") applies to public interest entities, public sector organizations, including state-owned enterprises and parastatal bodies. Other companies are encouraged to apply the provisions of the Code, insofar as the principles are applicable.

      The Code makes the board of a company responsible for the governance of the company’s information strategy, information technology and information security, in particular:

      • to manage effectively and delegate to management the implementation of a framework on information, information technology and information security governance;
      • to monitor and evaluate significant investments in information technology;
      • to ensure that the information security policy is regularly reviewed and monitored;
      • to ensure that IT policies and strategy are in place and are effective;
      • to ensure that information governance system adhere to standards set by international recognized bodies and frameworks; and
      • to obtain independent assurance concerning the effectiveness of the company's information, information technology and information security governance systems.
  • This checklist provides a detailed look into the legal obligations that may affect your usage of Microsoft Cloud Services.

    Click here to download the checklist.

  • In addition to general laws, industry-specific requirements may apply. You can find out more about the requirements that apply in your industry sector by selecting from "Industries" on the top right-hand corner of this page.

    Financial Services

    Financial Services

    Health

    Health


WE BUILD OUR TRUSTED CLOUD ON FOUR FOUNDATIONAL PRINCIPLES

Security

Security

We build our services from the ground up to help safeguard your data

Learn more
Privacy

Privacy

Our policies and processes help keep your data private and in your control

Learn more
Compliance

Compliance

We provide industry-verified conformity with global standards

Learn more
Transparency

Transparency

We make our policies and practices clear and accessible to everyone

Learn more

INDUSTRY RESOURCES

INDUSTRY RESOURCES

INDUSTRY RESOURCES

INDUSTRY RESOURCES

RECOMMENDED RESOURCES

CUSTOMER STORIES

 
 
SEE MORE STORIES

CUSTOMER STORIES

 
 
SEE MORE STORIES
*EXPLANATORY NOTE AND DISCLAIMER: This website is intended to provide a summary of key legal obligations that may affect customers using Microsoft cloud services. It indicates Microsoft’s view of how its cloud services may facilitate a customer's compliance with such obligations. This website/document is intended for informational purposes only and does not constitute legal advice nor any assessment of a customer's specific legal obligations. You remain responsible for ensuring compliance with the law. As far as the law allows, use of this website/document is at your own risk and Microsoft disclaims all representations and warranties, implied or otherwise.