ABOUT THIS GUIDE STRUCTURE OF THE GUIDE This Guide intends to assist ordinary citizens, data protection advocates, human rights advocates, media organisations and interested individuals in getting a basic understanding and application of the Cyber and Data Protection Act (Act). This guide aims to contribute to the general citizens’ awareness of Zimbabwe’s data protection legal framework. Contents of the guide are not intended to constitute legal advice. The guide will not include specific legal advice on how to comply with the Act. Compliance requires more than a legal analysis, as there are technical and organisational security requirements for effective data protection. However, some sections might provide basic checklists for ease of understanding and interpretation of the Act’s provisions. For comparative regional and international experiences, reference and examples will be drawn from South Africa’s Protection of Personal Information Act (POPIA), and the European Union General Data Protection Regulation (GDPR). Other regional standards might also be referenced for their persuasive value.1 In addition, various court decisions will be referenced as relevant or necessary. 1 For ease of reading, the Guide follows the structure and sections of Zimbabwe’s Act. This will allow the Guide’s user to read and analyse provisions of the Act against the Guide’s commentary. ACRONYMS POPIA Protection of Personal Information Act GDPR General Data Protection Regulation FOIA Freedom of Information Act POTRAZ Postal and Telecommunications Regulatory Authority of Zimbabwe DPA Data Protection Authority DPO Data Protection Officer These include the African Union Convention on Cybercrimes, Data Protection or the SADC Model Law on Data Protection. M I S A Z I M B A B W E • G U I D E T O T H E Z I M B A B W E A N C Y B E R A N D D A T A P R O T E C T I O N A C T - 2 0 2 2 3