Earlier this year, the Cyber and Data Protection Act was gazetted. The main aim of the Act is to “provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest.”
You should be familiar with it by now. However, if you’re not, the Media Institute of Southern Africa (MISA) released a citizen’s guide to it. We talked about that here.
The Act provided the framework, but work continues in the data protection race. There is a draft of cyber and data protection regulations and you can contribute to that effort. The specific regulations in question have to do with the licensing of data controllers and data protection officers.
If you haven’t had time to go through the Act or the citizen’s guide, here’s a checklist that should help you get a feel of what a data controller is and if you are one.
Checklist from Data Controller Self Assessment form in draft regulations.
You are a DATA Controller if :
- You decide to collect or process the Personal Data.
- You decide what the purpose or outcome of the Processing will be.
- You decide what Personal Data should be collected.
- You decide which individuals to collect Personal Data from.
- You obtain a commercial gain or other benefit from the Processing of Personal Data
- You are Processing the Personal Data because of a contract between you and the Data Subject.
- The Data Subjects are your employees.
- You make decisions about the individuals concerned as part of or because of the Processing.
- You exercise professional judgement in the Processing of the Personal Data.
- You have a direct relationship with the Data Subjects.
- You have complete autonomy as to how the Personal Data is processed.
- You have appointed the processors to process the Personal Data on your behalf.
Call for your input
The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) released a circular calling for input from the public at large on the regulations.
DATA PROTECTION REGULATIONS
Notice To: All Stakeholders
The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) wishes to advise the Public to provide input into and comments on the Cyber and Data Protections Regulations (Licensing of Data Controllers and Appointment of Data Protection Officer (DPOs) Regulations, 2022 (No….).
The Regulations are on the POTRAZ website and can be accessed on [this link]
The deadline for the comments and value additions is the 12th of December 2022. All comments and value additions shall be submitted on email to: the.regulator@potraz.gov.zw.
Your participation in this consultation, will be greatly appreciated.
POTRAZ Director General
I am not too worried about the email requirement as I believe it’s reasonable to expect those with suggestions on this topic to have access to email.
I know there are some among us who have ideas on how the regulations should look. Let us not be armchair critics, let us take advantage of opportunities like these and make our voices heard. The worst that can happen is your suggestion being ignored, but that’s not too bad as downsides go.
Below are the draft regulations.
Also read:
The RBZ invites dialogue on coming digital currency (CBDC), you have to be a part of this
Here’s your citizen’s guide to the Cyber Security & Data Protection Act
7 comments
How is holding personal information of employees by an employer affected by the various data protection acts?
All I am asking from Potraz is the forcing of telcoms operators to have zero rated apps and websites. Recently I was in a war 9f words with Econet agents on why they don’t zero rate their apps. Netone said they didn’t have an app altogether. When we are in South Africa we enjoy surfing through telco zero rated sites but when we compare those in Zimbabwe accuse us of being pompous yet it’s the standard and requirement. How can Econet zero rate TechZim and Pindula sites and apps when theirs are paid for? Something is not right.
I was about to say it must be a function of gaining competitive advantage, but i looked it up and it seems to be half half. SA gov zero rates qualifying educational websites and covid resources, with the rest seemingly being at the discretion of the networks. No idea if its the same system for Zim. Either gov forces it to happen, competition makes it happen or nothing happens, a luta continua
That’s could be a form of sponsershing and payment for techzim
Unfortunately it may produce bias
This already sounds overly broad to my layman ears. Will I need a license to operate a WhatsApp poll? What about keeping a Google Doc form for an event or as office records? Or a blog or newsletter that has metrics tracking built in? Can i have contacts in my phone if I don’t have a license? Is my niece allowed to have a detailed invitation list for her next birthday party on her notes app?
I guess i’m being pedantic, but to me, this casts a pretty wide net from my khule with his T9 keyboard equipped phone to Apple itself. I think I get the intent of the law, but the letter of the law is wide open.
Ps. Holy crap! Those fees! If they play their cards right, this could make over 1% revenue, just like domestic covid testing industry in China!
All im asking for is a free and fair election zvimwe zvese azvina basa
PORTRAZ should be doing far more to get service providers to actually provide a proper service! We should get what we pay for, we deserve good customer service, PROPER network coverage etc etc. Those should be the priorities