Section 48(2) goes on to state that "notwithstanding the generality under subsection (1), the Minister may by Order published in the Gazette, designate the transfer of personal data to any country listed in such order". Based on this provision the Minister issued a list of countries that were designated for transfer of personal data. What is not clear is whether the designation is based on some criteria or purely on the basis of the ministerial discretion. This is because section 49(1) states that. without prejudice to section , and subject to provisions of this Act, the transfer of personal data that is undergoing processing or intended processing, to a third country to which the data is transferred ensures an adequate level of protection. The determination of adequacy is based on an assessment by the Commissioner in light of all surrounding circumstances, and transfer to a country not providing adequate protection is prohibited under section 49(4) however exceptions under section 49(5) provided such as performance of a contract, public interest, or vital interest of data subject, and alternatively the Commissioner can approve transfer to a country that does not ensure adequate level of security safeguards. The second observation is that the Ministerial Order designated 45 countries which are European Union and Council of Europe member states, and the UK, New Zealand, Israel, Japan, Isle of Man, Guernsey, Switzerland, Uruguay, Republic of Korea, Andorra, Argentina, the Faroe Islands, and Jersey. Only two African countries were listed South Africa, and Kenya with South Africa being the only SADC member state. There is only assumption of why these countries were listed, which is the adoption of the GDPR laws or its application for EU member states or the Council of Europe members to the Convention 108(+). South Africa and Kenya have adopted Protection of Personal Information Act, 2013 (POPIA) and Kenya Data Protection Act, 2019. The precedent set by Botswana creates challenges for data protection authorities at regional level and the development of a shared data economy and an integrated regional economic community: • • What are the reasons and grounds for the minister to designate other countries as destination and not, especially when leaving several other SADC and African states that already have data protection laws? What are the roles of DPAs is designing the assessment criteria to be followed for the designation of transfers to other countries, and does the ministerial designation constitute a confirmation of adequate protection. PAGE