of tackling different kinds of data issues, breaches, provide guidance to controllers and data processors, who might include data brokers, social media companies, government agencies, among others. Being independent in this regard requires a high degree of financial and technical independence, and not being susceptible to political or economic influence. Second, to achieve this level of independence, the appointment and constituting of the DPA must not only be independent, but it must be seen to be independent. Though most DP laws provide that the DPA must not be subject to the control or direction of any person, this statement is not convincing for various reasons. First, the budgets of most of these DPAs are decided by the executive through a minister. This is the case with South Africa's Information Regulator under the Protection of Personal Information Act (POPIA). In a recent move, South Africa's Parliament called for the IR to not rely on the policies and procedures of the Department of Justice and Constitutional Development (ministry of justice) as this showed lack of independence, as the IR must report and account directly to Parliament. In terms of financial independence, the IR is not recognised as a public entity or constitutional institution in terms of the 10 Public Finance Management Act (PFMA) , which means it can only receive funding to perform its functions through the ministry of justice. Comparatively, the South African IR is perceived to be the most proximate of what constitutes an independent DPA in Southern Africa, but the role of central government or ministry is consistent with the required institutional independence and further the ministry of justice is a data controller and must be accountable to the IR on how it processes information. This current relationship does not augur for accountability. The financing of DPAs is similar to many of the countries under review.11 A number of African countries are not establishing new DPAs', existing communications commission or regulatory bodies are mandated to implement the DP law. Zimbabwe, CDPA section 5 designates an existing body, the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) established under the Postal and Telecommunications Act (PTA) to be the data protection authority. The CDPA does not change the composition nor procedure to composition POTRAZ of which the Minister and President have significant influence on POTRAZ under PTA but will now supposedly not influence the direction of POTRAZ under the CDPA. Government authorities justified this Other constitutional institutions recognised by PFMA includes the Public Protector; the Human Rights Commission; the Commission for the Promotion and Protection of the Rights of Cultural, Religious and Linguistic Communities; the Commission for Gender Equality; the Independent Electoral Commission; the Independent Broadcasting Authority; the Financial and Fiscal Commission; the Commission on the Remuneration of Persons Holding Public Office; the Pan South African Language Board; the Municipal Demarcation Board. The financing is through line ministries such as Justice or Information or generally public service commission. PAGE