Introduction
Data Protection Act Zimbabwe: The Data Protection Act [Chapter 11:12] was officially designated on December 3, 2021. It went into effect on the same day.
In essence, the new data protection law requires all businesses in Zimbabwe to follow data protection and privacy standards while collecting data. For instance, data such as personal information from consumers or employees.
Businesses must ensure that they create systems that promote and safeguard data privacy. They are to do so while also processing data equitably and securely in order to keep up with emerging technology. In this post, we will present a general review of the Data Protection Act’s requirements.
Objectives
According to Section 2 of the Data Protection Act, the primary goal of data protection legislation is to strengthen data protection. This is to foster confidence and trust in the secure use of information and communication technology.
Application
Section 4 of the Data Protection Act applies to matters relating to information access, information privacy protection, and the processing and storage of data entirely or partially by automated means.
The law also applies to all entities in Zimbabwe as well as those that are not permanently domiciled in Zimbabwe.
Important Provisions
Section 3 of the Data Protection Act defines data as any representation of facts, concepts, or information in a form suitable for communications, interpretation, or processing in a computer device, computer system, database, electronic communications network, or related devices. Furthermore, includes a computer program and traffic data.
The Act also defines a data controller as any natural or legal person, including public bodies. These are the ones who determine the purpose and means of processing data and are licensed by the Data Protection Authority. Data controllers must guarantee that data processing is essential and that data is processed fairly and legally.
The Authority
The Data Protection Act creates the Data Protection Authority (the Authority), which is the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ), the current telecommunications regulator.
The Act specifies how data controllers must process non-sensitive and sensitive information. The Act addresses the trans-border movement of data, which includes the transfer of personal information outside of Zimbabwe.
Criminal Law
The Data Protection Act amended sections 163-166 of the Criminal Law (Codification and Reform) Act [Chapter 9:23] by criminalizing offenses. For instance, offenses such as unauthorized data acquisition, unlawful data tampering, unlawful data disclosure, and data codes.
The Act outlaws the transmission of data messages inciting violence or property damage, the sending of threatening data messages, hacking, spam, cyber-bullying, and harassment, and the uploading of sexually explicit information without the consent of the data subject. These unlawful crimes are punishable by fines and prison terms ranging from ten to fifteen years.
Conclusion
Some institutions may implement worldwide best practices for collecting and processing confidential information. However, there is still a need to improve data privacy and data protection enforcement.
As a result, the new data protection law strives to strengthen the framework for protecting the privacy and personal data rights. Thus, the new data protection law is a laudable step toward realizing privacy rights and protecting personal data in Zimbabwe.