Judith Phiri, Business Reporter
THE Postal and Telecommunications Regulatory Authority of Zimbabwe (Potraz) has called on companies to designate within their rank and file a data protection officer (DPO) to enhance data protection measures.
In a recent data protection webinar, Potraz Data Protection Director, Mrs Tsitsi Mariwo, said it was also important for DPOs to be certified by Potraz as the authority.
“The first thing at the level of the entity within which you are coming from or if you are your own chief executive officers (CEOs) within your companies is to take action by designating a data protection officer (DPO),” she said.
“This individual is someone who gives assurance to us as the authority to say this particular institution is committed to protecting the rights of data subjects because they have designated someone who is dedicated to protecting the personally identifiable information of citizens.”
She said the person will also be responsible for putting in place organisational tools and technical measures to secure the information within the custody of that institution.
Mrs Mariwo called on companies and institutions to ensure that their DPOs are certified by Potraz, as it was the certifying authority according to regulations promulgated in September this year.
“Zimbabwe’s Statutory Instrument (SI) 155 of 2024 Cyber and Data Protection Licensing Regulations was promulgated into law on 13 September 2024, outlining a framework for the appointment of Data Protection Officers (DPOs),” she added.
“This statutory instrument represents a significant step in strengthening the legal and regulatory framework for data protection and cyber security in Zimbabwe following the enactment of the Cyber and Data Protection Act (Chapter 12:07), which came into effect on 11 March 2022.”
She said Potraz had partnered with the Harare Institute of Technology (HIT), which is offering a Data Protection course.
In August last year, 57 data protection officers received certificates at Potraz headquarters in Harare after completing the course at HIT.
Mrs Mariwo said in terms of Section 6 of the Cyber and Data Protection Act, Potraz was mandated to create conditions for the lawful processing of personal information in Zimbabwe, including coming up with standardised educational programmes for purposes of promoting the protection of personal information of Zimbabweans.
She added: “In addition, Potraz has an obligation on its own or in partnership with others to promote an understanding of all the conditions and requirements for lawful processing, faith and transparency in accordance with the provision of the Cyber and Data Protection Act. We agreed to fulfill this mandate through the leadership of our director-general, Dr Gift Machengete.”
Mrs Mariwo said that in February 2023, Dr Machengete took it upon himself to reach out to his counterpart, the vice chancellor of HIT, Engineer Quinton Kanhukamwe, to start a capacity-boosting programme.
Dr Machengete and Eng Kanhukamwe agreed to partner in setting up a technical team that worked tirelessly in developing the curriculum, regulations and training content.
In terms of raising awareness around data protection, she said: “We have been to more than five provinces in Zimbabwe where we are trying to raise awareness on the rights of data subjects and the obligation of controllers, among other things.”
“We are saying yes, this has been done and it’s not enough, more awareness needs to be done especially considering that we picked that only 23 percent of Zimbabweans actually understand the Cyber and Data Protection Act as well as the rights contained therein. There is need for more work around awareness.”
The webinar was hosted by the Computer Society of Zimbabwe (CSZ) Bulawayo Chapter and National University of Science and Technology (Nust) Campus Radio under the theme: “From Awareness to Action: Strengthening Data Protection in Zimbabwe.”