the authority of Heads of State and Government in Abuja.5 SADC has maintained its model law, with implications for enforcement and regional integration, as a model law is not enforceable. Furthermore, at the continental level, the adoption of the African Union Convention on Cybersecurity and Data Protection, (the Malabo Convention) has not resulted enjoyed significant ratification by SADC countries.6 The Malabo Convention faces delays in ratification, and in an interview one key informant observed that it's a combination of lack of interest and understanding of the opportunities being missed by countries in advancing the formation of a single digital market.7 As of 2023, at least 12 of the SADC countries had adopted a data protection law, and the remaining namely Namibia, Malawi, Democratic Republic of Congo had draft laws and Mozambique and Comoros were beginning drafting. More notable however is that all countries have constitutional provisions protecting the right to privacy and privacy of communications, with Mozambique, being more specific in that its constitution is the only one providing for data protection under article 71, and it further requires that there is a law that provides for access, generation, protection, and use of computerised personal data. This is significant. The implementation of data protection laws has been driven by various factors including the demands for countries to be prepared for the information and data revolutions underway, to harnessing the economic dividends presented by data protection. The influence of the EU or economic interests cannot be overruled; however, the report does not detain itself on this issue, but the intention to understand the different old and contemporary challenges to data protection. The report looks at the following countries with data protection laws; Zimbabwe Cyber and Data Protection Act (CDPA) of 2021; Botswana Data Protection Act (BDPA) of 2018; Zambia Data Protection Act (ZDPA) of 2021; Mauritius Data Protection Act (MDPA) of 2017; Lesotho Data Protection Act (LDPA) of 2011; Eswatini Data Protection Act of 2022 (EDPA); South Africa: Protection of Personal Information Act (POPIA) of 2013.8 In addition to these data protection laws, some of the countries have retained statutes that either complement or constraint data protection. These laws include laws allowing for use of personal data for security purposes without sufficient oversight, the bulk interception and surveillance of communications, A/SA. / / adopted in Abuja on the th day of February . As of February , of the SADC countries only countries namely Zambia, Mozambique, Angola, Mauritius, and Namibia had ratified the Malabo Convention. Interview with SG, Nigeria, January . As most of the laws are all called Data Protection Acts, to distinguish them, each abbreviation of the Act in this paper is preceded by the initial of the country, as LDPA Lesotho ; ZDPA Zambia ; MDPA Mauritius ; BDPA Botswana , with the exception of Zimbabwe and South Africa with different names. PAGE