6.2 Production of guidelines through consultation process Data controllers and processors in most countries are deprived of sufficient guidance on critical matters. The DPAs must organise sector specific forums, which will enhance design and development of guidelines, such as for the banking, insurance, medical, and non-profit sector among others. More technical guidelines such as authorisation of processing of sensitive data or data transfers can be developed with DPAs leading. Most of the laws already provide for sector lead efforts in designing codes of conducts, however this has not commenced in most countries, or at the very least there is no publicly available information. 6.3 Coordination of multiple bodies and multiple laws The DPAs are in some instances tasked with implementing two laws such as South Africa's Information Regulator overseeing PAIA and POPI concurrently, or Zimbabwe established as communicators authority with more than 15 other assignments, and additional tasks under the CDPA. Further, in most countries, other laws exist which are protecting data and might not necessarily be under the purview of the DPA. To exercise sufficient oversight of all these laws, DPAs must develop internal coordination protocols and processes with other bodies to allow for effective privacy protection, including how disputes, and complaints are resolved. 6.4 Regional platforms for coordination and lessons sharing. SADC as bloc is one of the least integrated economic blocs and also one of the youngest comparatively. The adoption of a data protection protocol is necessary. This protocol must be forward looking and anticipatory of other and emerging challenges to reduce the review and revisions that slow down regional protocol development. The protocol must incorporate a regional data protection authority for development regional guidelines and cooperation. PAGE