Highlights of Trends & Patterns Across Countries & Sectors
This section presents a synthesis of the notable trends and recurring patterns observed across the assessed countries and sectors. The analysis underscores variations in performance, spotlighting both areas of relative strength and persistent gaps requiring attention.
By considering the results from both sectoral and country-level perspectives, we gain a clearer understanding of the underlying factors driving these outcomes, as well as the broader dynamics that shape data protection practices across regions and industries.
These insights provide a foundation for targeted interventions, policy refinement, and strategic planning aimed at improving compliance and governance.
Country-Level Performance Over Five Years
A review of the five-year performance trajectory across countries reveals a pattern of gradual improvement, periods of fluctuation, and varied levels of maturity in data protection implementation. Countries added earlier to the Scorecard exhibit more visible performance cycles, while newly assessed countries provide baseline indicators for future monitoring.
Mauritius, included from 2023 onward, demonstrates a somewhat fluctuating yet generally stable performance profile. After a strong entry at 39.5% in 2023, its score dipped to 35.0% in 2024 before recovering to 40.0% in 2025. Although the shifts are modest, the rebound in 2025 suggests renewed momentum in strengthening compliance structures.
Zimbabwe, also added in 2023, shows a steady and incremental improvement across the three assessment cycles. Starting at 23.1% in 2023, Zimbabwe rose to 25.0% in 2024 and further to 28.0% in 2025. While the overall level remains low relative to more established performers, the consistent upward trend signals gradual capacity development and institutional strengthening.
Kenya continues to demonstrate one of the most dynamic performance trajectories. From 35.6% in 2021, the country advanced significantly in 2022 (45.2%) and peaked at 47.3% in 2023. Although Kenya experienced a temporary decline to 40.0% in 2024, it rebounded to 46.0% in 2025. This pattern suggests a maturing system capable of recovery after periods of institutional or operational strain.
Uganda exhibits a similar pattern of fluctuations within an overall upward trajectory. After relatively stable scores in 2021 (35.6%) and 2022 (36.3%), Uganda made a significant jump to 47.4% in 2023. The decline to 38.0% in 2024 mirrors regional challenges noted that year, but the country recovered to 43.0% in 2025, indicating resilience and growing institutional consistency.
Rwanda, added in 2024, entered with a moderate baseline score of 30.0%, improving slightly to 33.0% in 2025. This early ascent reflects strengthening regulatory structures, though significant gaps remain. Tanzania, also added in 2024, scored 29.0% in its first year and improved to 33.0% in 2025. This trajectory parallels Rwanda's early development curve, pointing to shared regional challenges but also comparably positive initial progress.
Among the countries newly added in 2025, Nigeria emerged as one of the stronger performers with a baseline score of 44.0%, surpassing several countries that have been tracked over the full five-year period. This strong entry underscores Nigeria's ongoing institutional reforms and growing emphasis on data governance. Ghana and Botswana, also assessed for the first time in 2025, entered at 36.0% each. These baseline scores place both countries in the mid-range of the index, providing a foundation for monitoring future improvement and aligning with broader regional trends.
Overall, the five-year analysis reveals a continental landscape marked by gradual improvement, differentiated rates of progress, and increasing alignment with data protection norms. Earlier entrants show more pronounced performance cycles, while newer entrants provide important reference points for future benchmarking. The collective upward trend across nearly all countries suggests growing institutional investment in data protection, even as challenges persist in achieving consistent and sustained compliance.
Sector-Level Performance over Five Years
An examination of sectoral performance over the past five years reveals a landscape marked by uneven progress, sector-specific challenges, and fluctuating levels of maturity in privacy governance. While some industries demonstrate clear and sustained improvements, others continue to exhibit significant structural and compliance gaps, underscoring the need for targeted regulatory and institutional interventions.
The telecommunications sector illustrates a pattern of steady advancement. With scores rising from 35% in 2021 to 46% in 2025, telecom operators appear to be gradually formalizing and institutionalizing privacy practices. This upward trajectory, though modest, suggests growing attention to internal controls, transparency mechanisms, and regulatory compliance likely driven by heightened scrutiny and the sector's centrality in digital ecosystems.
The e-commerce sector, which began as a top performer in 2021 and 2022, presents a contrasting picture. After peaking at over 50%, its performance declined sharply from 2023 onwards, stabilizing at 39% in 2024 and 2025. This regression signals weakening adherence to privacy best practices, likely influenced by rapid market expansion, complex data flows, and insufficient governance structures to match operational growth. The stagnation observed in the last two years raises concerns about sustainability of privacy measures within online retail platforms.
Similarly, the online betting sector exhibits volatility, recording a decrease from 33.8% in 2023 to 29.0% in 2024 before recovering to 36% in 2025. Such fluctuations reflect inconsistent embedding of privacy principles within an industry known for intensive data processing and high compliance risk. Regulatory oversight appears insufficient to stabilise these outcomes, suggesting a need for more stringent enforcement mechanisms.
In contrast, banks and financial institutions continue to demonstrate the strongest and most stable compliance performance across all sectors. Despite a temporary dip in 2023, the sector recovered significantly to 52% in 2025, mirroring its earlier peak. This trend reflects long-standing investments in compliance infrastructure, risk management, and data protection frameworks, driven by regulatory requirements and the sector's dependence on public trust.
The insurance sector also shows significant growth, from 23% in 2021 to 44% in 2025, indicating improving internal governance and greater recognition of privacy as an essential component of digital transformation efforts. However, the continued moderate performance suggests that more work is needed to strengthen transparency, consent processes, and safeguards around data sharing.
Despite slight improvements, government agencies remain among the poorest performers. Following a sharp decline to 11% in 2023, the sector made gradual progress, returning to 25% in 2025. This chronic underperformance reflects systemic gaps such as limited institutional capacity, inadequate policy frameworks, and low prioritisation of citizen data protection, factors that pose significant risks to public trust and digital service delivery.
The health sector, despite dealing with highly sensitive personal data, continues to score dangerously low. Rising from 0% in 2021 to only 22% in 2025, health institutions still lack robust data protection systems, particularly in the areas of security controls, consent management, and breach preparedness. This exposes patients to substantial risks and signals a pressing need for sector-wide reforms.
Finally, digital loan service providers reveal a mixed trajectory. After strong performance in 2023, scores dropped sharply in 2024 before partially recovering in 2025. These fluctuations suggest difficulties in aligning business models, often reliant on aggressive data extraction, with emerging privacy norms. However, the 2025 rebound indicates increasing responsiveness to regulatory pressure.
Across all sectors, the data highlights a persistent low maturity level in privacy compliance, with no industry consistently exceeding the 60% threshold. The sporadic nature of improvements suggests that progress is largely reactive, driven more by external pressures than by embedded institutional culture. This underscores the need for sustained capacity building, sector-specific guidance, and stronger enforcement mechanisms to ensure privacy protection becomes a fundamental component of organizational practice.