Zimbabwe Cyber And Data Protection Act

Zimbabwe’s Cyber and Data Protection Act is a law created to protect the private data of internet users from abuse. It however also covers cybersecurity and cybercrime issues in addition. The law creates new responsibilities for companies that collect data within Zimbabwe whether those data handlers are in Zimbabwe or not.

The Cyber and Data Protection Act [Chapter 12:07] came into effect on the 11th of March 2022, after it gazetted by GN 492/2022. The Data Protection Authority in charge of the administration this law is the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ).

This page has been created to help companies and individuals navigate this law.

Downloads

Cyber and Data Protection Act (2021) – PDF
The Act itself usually has the date 2021 in it. This is because it was initially gazetted in December 2021 with the wrong title “Data Protection Act”. It had to be gazetted again in March 2022 with the corrected title “Cyber and Data Protection Act”. The contents of the act did not change.

155 of 2024 Cyber and Data Protection Licensing Regulations – PDF
Zimbabwe’s Statutory Instrument (SI) 155 of 2024 Cyber and Data Protection Licensing Regulations was promulgated into law on the 13th September 2024

Cyber and Data Protection Implementation Guidelines on Appointment, Roles, Responsibilities, Training and Certification of Data Protection Officers. (Published by POTRAZ)

MISA Cyber and Data Protection Act Guide – PDF
In 2022, the Media Institute of Southern Africa created this useful guide to the law.

FAQ on Cyber and Data Protect

What is the salary of a Data Protection Officer in Zimbabwe?

This really depends on the organisation – size, level of responsibility etc… In larger companies, the salary for this position can range from US $800 to US $2,500

Do WhatsApp Admins really need to get a license and pay a fee?

No. Our conversations with officers at Potraz have revealed that the spirit of the law is not to require licensing for WhastApp community admins. It’s meant for organisations that keep people’s personal data.

As a company what is the deadline for having a trained Data Protection Officer?

Data Protection Act News

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.