Zimbabwean Companies Will Be Affected By EU’s Privacy Policy Updates. Here’s How

Alvine Chaparadza Avatar
Flag of the European Union

Lately, many people have been receiving notifications about privacy policy updates from various websites and Apps. These policy updates are popping up because organizations are adopting a new European Union (EU) Directive called General Data Protection Regulation (GDPR) that is set to change how business is done the world over.

Websites and Apps like WhatsApp, Instagram and Snapchat are already changing their T’s and C’s notifying users as they seek to comply with the GDPR directive. Before you see how these policy updates affect Zimbabwean companies, let’s see GDPR is all about?

What is GDPR?

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. While GDPR is good news for the data privacy of individuals in the EU, investors may be irritated by these changes.

WhatsApp, for instance, has decided to cut off under-16s from its services altogether and Snapchat, another App with a youthful user base is following suit. This significantly reduces the number of users on these platforms

Who will GDPR specifically?

Beyond Europe, GDPR will apply to any business where their data processing relates to the offering of goods and services to EU-based people or the monitoring of online behavior. Even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:

  • A presence in an EU country. 
  • No presence in the EU, but it processes personal data of European residents.
  •  More than 250 employees.
  •  Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional or includes certain types of sensitive personal data. That effectively means almost all companies.

What constitutes personal data?

Personal data is any information related to a natural person that can be used to directly or indirectly identify the person.

It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What are the penalties for non-compliance?

Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data.

Why does GDPR even exist?

In a nutshell, it exists because of public concern over privacy. Europe, in general, has long had more stringent rules around how companies use the personal data of its citizens.

How will these privacy policy updates/GDPR affect Zimbabwean companies?

Of course, an EU-based company or multinational corporation that does business in the EU is expected to comply with the GDPR. But what about Zimbabwean. companies that have no direct business operations in any one of the 28-member states of the European Union. Do they have anything to worry about?

Zimbabwean companies without a physical presence in an EU country collect most of the personal data belonging to EU data subjects over the Web.

Many websites in Zimbabwe collect this kind of data through newsletters and signing up can be affected by the GDPR directive.

Customer engagement will be hard under the GDPR directive. The conditions for obtaining consent are stricter as the individual must have the right to withdraw consent at any time.

This means you have to be able to prove that the individual agreed to a certain action, to receive a newsletter for instance.  This changes a lot of things for companies such as the way your sales teams prospect or the way that marketing activities are managed.

Zimbabwean-based hospitality, travel, banks and stoke brokers companies will certainly have to take a closer look at their online marketing practices. Also, companies with a strong Web presence like us Techzim should be paying attention and changing practices now.

When does your company need to be in compliance?

Companies must be able to show compliance by May 25, 2018.


  1. wokenman

    These things always feel like maEuropean anoshaya zvekuita after colonialism and the world wars and now get more and more obsessed with bureaucracy and regulation. No wonder Britain LEFT – over time this fixation with rules is going to sink them economically because it’s not as if their populations are the most enthusiastic consumers either – companies will just decide to play elsewhere one of these days.

    1. Anonymous

      I do not see anything wrong with the regulations that mostly seek to protect individuals’ privacy. Can you state just one wrong thing about the regulations.

  2. Joseph Makuni

    Love this article. I wrote my undergrad dissertation on data protection so i find this relevant. Its just sad how most people are oblivious to why data protection legislation is critical and fundamental in modern society

2023 © Techzim All rights reserved. Hosted By Cloud Unboxed