CONTENTS About the Basic Guide Structure of the Guide What is Data Protection Is data equal to information? Data protection and human rights protection Is the Act the Only Law? When, and where is the Data Protection Act applicable? Where is the data processing taking place? When is the Act enforceable? What Data is Protected under the Act? Key Definitions What is Personal Information? What is Sensitive Data? What is a Data Protection Authority? Can decisions of the Data Protection Authority be challenged? Data Processing Principles Generality Purpose Non-Sensitive Data Sensitive Information Genetic data, biometric sensitive data and health data Duties of Data Controller Data Subject Rights Data Collected from Data Subject Data not Collected from Data Subject Authority to Process Security Notifications Who is a data protection officer? Content of Notification Authorisation Openness of processing Accountability Decision taken on basis of Automatic Data Processing Representation of data subject who is a child Representation of physically, mentally or legally incapacitated data subjects Transfer of personal information outside Zimbabwe Transfer to country outside Zimbabwe which does not assure adequate level of protection Code of Conduct Whistleblower Regulations, Offences, Penalties and Appeals 2 M I S A Z I M B A B W E • G U I D E T O T H E Z I M B A B W E A N C Y B E R A N D D A T A P R O T E C T I O N 3 3 4 4 5 6 6 7 8 8 9 10 11 13 14 16 16 16 18 19 20 22 22 23 24 25 25 26 26 27 27 28 28 29 30 30 31 33 33 34 35 A C T - 2 0 2 2