Zimbabwe
Summary
Law: Data Protection Act ('the Act)
Regulator: Postal and Telecommunications Regulatory Authority of Zimbabwe ('POTRAZ')
Summary: The Act was enacted on 3 December 2021, although an official transition period or date for entry into force has not been announced. Initially established under the Postal and Telecommunications Act, POTRAZ has now been designated as the data protection authority responsible for enforcing the processing of personal data in accordance with the Act. In general terms, the Act focuses on breach and data processing notifications to POTRAZ, data security, online conduct, whistleblowers, data transfers, and limited data subject rights. Penalties for contraventions of the Act include a level seven fine of ZWD 120,000 (approx. €292.70) and imprisonment for a period not exceeding seven years. There has also been focus on the development of Zimbabwe's anti-money laundering framework in recent years.