Zimbabwe

HomeZimbabwe

Zimbabwe: Data Protection Act

Zimbabwe’s Data Protection Act is a law that was passed in 2019 to protect the privacy of personal information. The law applies to public and private organizations and sets out rules for collecting, using, and processing personal data. It also establishes the Zimbabwe Data Protection Authority, which enforces the law and promotes awareness of data protection issues.

Under the Data Protection Act, personal data can only be collected for lawful purposes and with the individual’s consent. The law also requires organizations to take appropriate security measures to protect personal data from unauthorized access, loss, or destruction. Individuals have the right to access and correct their data, as well as the right to object to its processing under certain circumstances.

Overall, the Data Protection Act is an important step forward for data protection in Zimbabwe. By setting clear rules for collecting and processing personal data and establishing an enforcement mechanism, the law provides much-needed protection for individuals’ privacy. At the same time, the law also recognizes the importance of allowing the legitimate use of personal data, such as for research or national security purposes. It provides appropriate safeguards to ensure these uses are conducted responsibly and transparently.

Download Law
ARRANGEMENT OF SECTIONS

PART I – Preliminary
Section
1 – Short title.
2 – Object.
3 – Interpretation.
4 – Application.

PART II – Data Protection Authority
5 – Designation of Postal and Telecommunications Regulatory Authority as Data Protection Authority.
6 – Functions of Data Protection Authority.

PART III – Quality of Data
7 – Quality of data.

PART IV – General Rules on the Processing of Data
8 – Generality.
9 – Purpose.
10 – Non-sensitive data.
11 – Sensitive information.
12 – Genetic data, biometric sensitive data and health data.

PART V – Duties of Data Controller and Data Processor
13 – Duties of Data Controller.
14 – Rights of Data Subject.
15 – Disclosures when collecting data directly from data subject.
16 – Disclosures when not collecting data directly from data subject.
17 – Authority to process.
18 – Security.
19 – Security breach notification.
20 – Obligation of notification to Authority.
21 – Content of notification.
22 – Authorisation.
23 – Openness of processing.
24 – Accountability.

PART VI – Data Subject
Section
25 – Decision taken on basis of Automatic Data Processing.
26 – Representation of data subjection who is a child.
27 – Representation of physically, mentally or legally incapacitated data subjects.

PART VII – Transborder Flow
28 – Transfer of personal information outside Zimbabwe.
29 – Transfer to country outside the Republic of Zimbabwe which does not assure
adequate level of protection.

PART VIII – Code of Conduct
30 – Code of conduct.

PART IX – Whistleblowing
31 – Whistleblower.

PART X – General Provisions
32 – Regulations.
33 – Offences and penalties.
34 – Appeals.

PART XI – Consequential Amendments
35 – Amendment of Chapter VIII of Cap – 9:23.
36 – Amendment of Cap – 9:07.
37 – Amendment of Cap – 11:20.

Download Law

Comments are closed.

Close
About Decybr

Decybr is a technology platform offering an extensive database of international legal resources including laws, case laws and legal literature on cybercrimes. Branded as Decybrary, this database aggregation will be classified and searched by professionals using AI technology.

In addition to providing access to a comprehensive database of legal resources to professionals, Decybr will also offer online training to professionals on the legal and IT aspects of the laws, case laws and legal literature within cybercrime.

Archives