Here are your rights when people collect your data in Zim, can’t have them collect it willy-nilly

Staff Writer Avatar
people on their laptops

The one thing you can be certain of is that whenever you visit the internet, someone is busy collecting your data. We consent to this collection because we want the free stuff, like seriously, who’s going to tell WhatsApp ‘no’? Do that and you won’t get to use WhatsApp.

It’s not just WhatsApp that collects data, right here in Zimbabwe, your data is on plenty of servers. You are not completely powerless, you do have rights as enshrined in the Cyber Security & Data Protection Act.

Reading through Acts is just not something most of us do. So the Postal and Regulatory Authority of Zimbabwe is on a campaign to educate us all on the contents of the Act we are talking about.

Read on to learn more about your rights.

Key Definitions

A data subject is a person whose personal information can be collected by a Data Controller. Anyone can be a data subject, including a child or an adult. This means anyone who gives out their personal information becomes a data subject.

Personal information includes; name, address, telephone number, race, national or ethnic origin, colour, religious or political beliefs or associations, age, sexual orientation, gender, marital or family status, fingerprints, blood type, health care history, educational, financial, criminal or employment history, opinions or views expressed, personal correspondence pertaining to home and family life.

A data controller is a person or company that processes the personal information of data subjects.


In December 2021, the President of the Republic of Zimbabwe signed into law the Cyber and Data Protection Act [Chapter: 12:07].

This law ushered in a new era where citizens have better control over their personal information by outlining the rights of data subjects. It also created obligations and responsibilities for data controllers to ensure the realisation of the right to privacy in Zimbabwe.

The law also created a Data Protection Authority (DPA) which is responsible for supervising the lawful processing of personal information in Zimbabwe. The Postal and Telecommunications Regulatory Authority is the designated Data Protection Authority.

Right to be informed

It is your right to be told before your information is taken from you or before it’s processed. You must be told why they need the information and what will they use the information for.

  • The purpose for processing.
  • Period for which data will be stored.
  • Third parties to whom the personal data will be disclosed.
  • Rights of the data subject.

Right of Consent

This means you must voluntarily give out your personal information and you must approve how it will be used.

Consent must be written, clear, available, easily accessible, and transparent. The right is not absolute as there are exceptions to the right to consent.

You have a right to withdraw given consent to the processing of your personal information at any time and without any explanation and free of charge.
Right of Access

You have a right to gain access to your personal information that the data controller processes.

Right of Correction

You have a right to have incorrect and misleading personal information about you rectified or corrected.

Right to deletion

  • You have the right to have personal information about you where:
  • Personal information about you is misleading or is false. The data are no longer necessary in relation to the purpose for which it was collected.
  • You have withdrawn your consent
  • Your personal data was unlawfully processed.

Right to restriction of processing (limitation)

You enjoy the right to restrict the processing of your personal information.

Right to objection

In certain cases, you have a right to object to the processing of your personal information by the data controller, especially the right to object to automated decision-making, that is, the processing of data for direct marketing or profiling without your consent.

Right to fair, lawful and transparent processing of personal information

You have a right to have your personal information processed in a fair, lawful and transparent manner. This includes having your data processed under the legal basis provided by the law, processed only for the specific purposes for which it was collected and kept for a period that is necessary for the purposes for which it was collected.

Right to complain

You have a right to complain to either the data controller or the Data Protection Authority.

The data subject is to write or complete a complaints notification form to the data controller or Data Protection Authority.

Data subject must get a response or decision and evidence to support the response or decision.

Also read:

Here’s your citizen’s guide to the Cyber Security & Data Protection Act

POTRAZ invites your input on data protection regulations, you might want to participate



What’s your take?

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. King

    Potraz is the worst culprit. They can give your personal data to any police officer who “suspect you to have committed a crime.” And we know the police in Zim, the stinking corruption, obsession with fixation haaaaaa,

  2. Myke

    Information is the most expensive commodity there is in this 4th Industrial Revolution we are living in and ignorance of our fellow countrymen is the one which has led to people saying what can one do with my personal information which can harm me in any form especially financial, but not knowing that one can control how you think, what you buy etc which I would like to call Algorithms of Control.

2023 © Techzim All rights reserved. Hosted By Cloud Unboxed