Earlier this year, the Cyber and Data Protection Act was gazetted. The main aim of the Act is to “provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest.”
You should be familiar with it by now. However, if you’re not, the Media Institute of Southern Africa (MISA) released a citizen’s guide to it. We talked about that here.
The Act provided the framework, but work continues in the data protection race. There is a draft of cyber and data protection regulations and you can contribute to that effort. The specific regulations in question have to do with the licensing of data controllers and data protection officers.
If you haven’t had time to go through the Act or the citizen’s guide, here’s a checklist that should help you get a feel of what a data controller is and if you are one.
Checklist from Data Controller Self Assessment form in draft regulations.
You are a DATA Controller if :
- You decide to collect or process the Personal Data.
- You decide what the purpose or outcome of the Processing will be.
- You decide what Personal Data should be collected.
- You decide which individuals to collect Personal Data from.
- You obtain a commercial gain or other benefit from the Processing of Personal Data
- You are Processing the Personal Data because of a contract between you and the Data Subject.
- The Data Subjects are your employees.
- You make decisions about the individuals concerned as part of or because of the Processing.
- You exercise professional judgement in the Processing of the Personal Data.
- You have a direct relationship with the Data Subjects.
- You have complete autonomy as to how the Personal Data is processed.
- You have appointed the processors to process the Personal Data on your behalf.
Call for your input
The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) released a circular calling for input from the public at large on the regulations.
DATA PROTECTION REGULATIONS
Notice To: All Stakeholders
The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) wishes to advise the Public to provide input into and comments on the Cyber and Data Protections Regulations (Licensing of Data Controllers and Appointment of Data Protection Officer (DPOs) Regulations, 2022 (No….).
The Regulations are on the POTRAZ website and can be accessed on [this link]
The deadline for the comments and value additions is the 12th of December 2022. All comments and value additions shall be submitted on email to: email@example.com.
Your participation in this consultation, will be greatly appreciated.
POTRAZ Director General
I am not too worried about the email requirement as I believe it’s reasonable to expect those with suggestions on this topic to have access to email.
I know there are some among us who have ideas on how the regulations should look. Let us not be armchair critics, let us take advantage of opportunities like these and make our voices heard. The worst that can happen is your suggestion being ignored, but that’s not too bad as downsides go.
Below are the draft regulations.