5. Concluding Observations The paper has reinforced most pressing issues for data privacy and data protection authorities in Southern Africa. And as observed from literature and interviews, the laws and policies must be updated to answer to the many new emerging issues, not only issues such as big data, but as new issues will continue to emerge, and relevant laws will be required.71 Again, the emerging issues might not be resolved by data protection laws only because data is implicated, this is the case with many of the emerging technologies such as the large language models (LLM) like ChatGPT. The existing challenges for data protection authorities means they are not singularly best placed to respond to these emerging issues, but they still have a critical role to play. In most countries data protection authorities are faced with operational challenges including technical, financial and enforcement capabilities. These challenges in most instances stem in from the poor and weak enabling laws which do not provide sufficient independence to the DPAs. While the review and amendment of these laws is slow and impossible, Parliaments must insist on provision of adequate technical and financial resources to the DPAs. Furthermore, since most constitutions in SADC region provide for the right to privacy, which must be protected albeit limitations, DPAs must therefore report directly to Parliament as they are safeguarding constitutional rights; that is the right to privacy and right to data protection.72 The SADC has a non-binding model law on data protection, and as a region continues to lag behind in terms of developing an enforceable data protection regime. The model law has been under review, and one recommendation that must emerge from the review includes adopting a protocol on data protection in SADC, which includes a regional data protection authority, capable of assessing country laws for advancing an adequacy data region regime. The SADC Protocol on Data Protection must be automatically enforced by virtue of SADC membership and not open to ratification for existing members.73 This will reduce the time required to enforce the protocol.74 In addition, SADC must provide technical support to member states to allow for the alignment of laws with the new SADC Protocol on Data Protection. The adoption of a SADC Protocol on Data Protection can be complimented by a more refreshed protocol on new technologies which seeks to create a robust policy framework that is more regulatory anticipatory than prescriptive. There are lessons from other economic blocs such as the EU touted as a leader in Interview GS, January Only Mozambique includes data protection as a constitutional right. ECOWAS used an approach of a supplementary act to the ECOWAS Treaty removing the ratification requirement. These are lessons from the AU Malabo Convention which has taken long to be ratified and enter into force. PAGE