💡 律咖编者按: 本文由律咖网社群读者 halimeda 投稿分享。 为了方便大家阅读,律咖网编辑 JingJing(微信:lvga2015)对原文进行了细致的逻辑润色与合规性整理。希望能给正在 布基纳法索 创业路上的你带来真实的参考。

I didn’t come to Burkina Faso for data leaks.

I came for hair.

Straight hair. Thick, smooth, unyielding — the kind that doesn’t curl in the Sahel heat. I sell Brazilian keratin-treated extensions, mostly to women who’ve spent years battling frizz with coconut oil and prayers. My business started small: 300 units shipped from Chongqing, packed in cardboard boxes that smelled like burnt sugar and hope.

I didn’t think about GDPR. I didn’t think about data protection laws. I thought about shipping labels, WhatsApp groups, and whether my customers would believe me when I said, “This isn’t synthetic, it’s real human hair.”

Then, last November, a client messaged me:

“Halimeda, someone used my phone number to open a mobile money account. They took 28,000 CFA. My name is on the register. I don’t know how.”

I didn’t know either.

The Silence Between the Clicks

Burkina Faso has no formal data protection law as of early 2026. There’s no equivalent to the EU’s GDPR. No national data authority. No public registry of breaches. The digital infrastructure is patchy — mobile networks work, but servers? Often hosted in Lagos or Dubai, sometimes even in a cousin’s bedroom in Ouagadougou, running on a generator.

I learned this the hard way.

When I started collecting customer names, phone numbers, and delivery addresses — just to track returns, because 17% of my shipments come back damaged or mismatched — I assumed it was harmless. Like keeping a notebook in a drawer. But in a place where SIM cards can be bought without ID, where digital identities are stitched together from WhatsApp chats and bank transfers, your data doesn’t stay yours.

A few weeks ago, I got a call from a woman in Bobo-Dioulasso. She said her number had been used to sign up for three different online loan apps. She’d received threatening messages. Her husband was afraid to answer the phone.

I asked: “Did you share your number with anyone else?”
She said: “Only you. And the guy who delivered your hair.”

I didn’t know what to say.

That’s when I realized: I was part of the leak.

I had no encryption. No consent form. No storage policy. Just a Google Sheet named “Burkina Clients — Final List — DO NOT DELETE.”

And now? I’m terrified to open it.

The Invisible Framework

I’ve spent the last four months trying to understand what “data security” even means here.

I spoke to a local tech shop owner in Ouagadougou. He said, “We don’t have laws. We have habits.” He showed me his client database — stored on a USB stick, passed around between three employees. “If someone steals the stick, they get everything. But who steals a USB? No one thinks it’s valuable.”

I asked if he’d heard of ENISA’s warnings about centralized digital infrastructure being targets. He laughed. “We don’t have centralized anything. We have five people with phones and one Wi-Fi router.”

I read about the European Central Bank’s digital euro — how it’s designed to be anonymous offline, like cash. I thought: If only my customers could pay me in digital cash that no one could trace.

But here? The only “anonymous” payment is cash. And cash doesn’t leave a trail — which means I can’t track returns. Which means I lose money.

So I’m stuck between two shadows:

  • One where I collect data to survive,
  • One where that data gets misused, and I become complicit.

I don’t know if I’m protecting my business — or poisoning my customers.

I used to think data was just numbers. Now I see it as a kind of breath.
And in Burkina Faso, air is expensive.

What I’ve Tried — And What Didn’t Work

I’ve tried three things.

1. Switched to encrypted forms.
I started using Jotform with end-to-end encryption to collect customer info. But 60% of my clients couldn’t open the link. They use basic Android phones. Some don’t have internet at home. I had to go back to WhatsApp.

2. Asked for written consent.
I printed a one-page note in French and Moore: “I allow Halimeda to store my phone number for delivery purposes only.”
Only 12% signed. The rest said, “Why? You already have my number.”

3. Asked local lawyers.
One told me, “We don’t have data laws here, but if someone sues you for leaking info, you’ll be blamed anyway.”
Another said, “If you want to be safe, don’t collect anything. But then how do you run your business?”

I don’t know the answer.

Three Things I Do Now — Not Because They’re Perfect, But Because I’m Still Here

  1. I never store full names and numbers in the same file.
    One sheet has names and addresses. Another has phone numbers and payment IDs. They’re on separate devices. One is encrypted. One is just a note on my phone.
    It’s slow. It’s messy. But it’s not one breach away from disaster.

  2. I tell every customer: “Your number is only for your order. If you change your mind, tell me. I will delete it.”
    I say it every time I send a package. Not as a legal clause. As a promise.
    I don’t know if they believe me. But I believe I’m trying.

  3. I stopped using third-party logistics who demand customer data.
    One delivery partner asked for full ID copies. I said no. I lost 15% of my shipments to delays. But I sleep better.

FAQ: What Can You Do If You’re Selling in Burkina Faso?

Q: Should I collect customer data at all?
A: It’s often necessary for returns, delivery, and customer service — but only collect what you absolutely need.

  • Step: Write down why you need each piece of data.
  • Path: Use minimal fields (e.g., phone + delivery point only).
  • Checklist: Avoid IDs, bank details, photos, or location history unless legally required — which here, it rarely is.

Q: How do I respond if a customer says their data was leaked?
A: Listen. Apologize. Don’t blame. Then act.

  • Step: Ask if they know how the leak happened.
  • Path: Offer to delete their info immediately.
  • Checklist: Never promise to “fix” the leak — you likely can’t. But you can stop contributing to it.

Q: Is there any official guidance for foreign sellers?
A: Not yet. Burkina Faso’s digital economy is growing, but regulation lags.

  • Step: Monitor the African Union’s Data Protection Framework (Malabo Convention) — it’s ratified but not enforced here.
  • Path: Check with your local chamber of commerce in Ouagadougou for updates.
  • Checklist: Assume no protection exists. Build your own.

I used to think running a business overseas meant dealing with customs, tariffs, and language barriers.
I didn’t think it would mean becoming a reluctant guardian of people’s digital lives.

I’m not a lawyer. I’m not a tech expert. I’m a girl from Jiangxi who learned to comb hair with a straightener and sing to herself while packing boxes.

I didn’t choose this. But I’m here.

And if you’re also here — selling hair, selling hope, selling anything — know this:
You don’t need to have all the answers.
You just need to care enough to ask the question.

前几天我和编辑 JingJing 聊起这件事。她没告诉我该怎么做。她只是说:“你愿意写下来,就已经是第一步了。”

如果你也在布基纳法索,或在任何数据规则模糊的地方做小生意,
我们或许都只是在黑暗里摸索着,想把一盏灯,轻轻放在别人能看见的地方。

如果你愿意,可以加 JingJing 微信(lvga2015)——不是为了买服务,不是为了找答案。
只是为了说一句:“我也是。”

我们不是在解决数据泄露。
我们只是在学着,不把它变成别人的噩梦。

🔸 延伸阅读

🔸 Burkina Faso receives Russian military equipment worth 345,000 euros
🗞️ 来源: francais_rt – 📅 2026-03-06
🔗 阅读原文

📌 免责声明

请知悉:律咖网(Lvga.com)是跨境创业公开信息与内容分享平台,不提供法律、税务、会计或合规服务。
本文内容基于公开资料,并由人工编辑与 AI 工具协助整理,仅供信息参考之用,不构成任何法律、投资、移民或商业决策建议。
政策可能随时间变化,请以官方渠道与当地持牌专业人士意见为准。
如内容有需要修订之处,欢迎随时与我联系。