www.misa.org

5.1.2. Limitation of the scope of application of the Cyber & Data Protection Act
The Cyber and Data Protection Act should expressly indicate that it does not apply to the processing of
personal data by a natural person during a purely personal or household activity, in accordance with
international best standards.

5.1.3. Establishment of a truly independent National Data Protection Authority
The fact that POTRAZ is subject to the executive’s control in various material respects detracts from its
independence as the National Data Protection Authority envisaged by the best international standards.
Further, the fact that POTRAZ is also the Cyber Security Center and the postal and telecommunications sector
regulator means it is stretched thin, thus adversely affecting its ability to effectively fulfil the extensive and
onerous functions reposed in the National Data Authority. Accordingly, there is a need to establish a separate
and stand-alone entity as the National Data Protection Authority.

5.1.4. Separate and explicit provisions for principles relating to the processing of personal information
Currently, the Cyber and Data Protection Act frames and casts the principles relating to
processing personal information as duties of the data controller, yet principles and duties are
different. This gives the impression that the Act conflates the principles relating to data
processing and duties of data controllers. Accordingly, there is a need to amend the Act to
make separate and explicit provisions for principles relating to the processing of personal
information.

5.1.5. Enhancement of the rights of data subjects
To address the currently narrow scope of the bill of data subject rights in the Cyber and Data Protection Act,
the Act needs to be amended by enlarging the ambit of data subject rights such as the rights to rectification,
erasure, and objection and enshrining new rights such as the rights to restriction of processing and data
portability. Data controllers and processors must also be obliged to comply with obligations arising out of
data subject rights without undue delay.

5.1.6. Tightening of the obligations of data controllers regarding data security breach
The Cyber and Data Protection Act should be amended to oblige the data controllers to notify the data
subject of security breaches. This is necessary because the breach is likely to pose a high risk to natural
persons’ rights and fundamental freedoms.

Misa Zimbabwe Policy Brief
