Support Centre

Zimbabwe: MISA Zimbabwe comments on data protection and cybersecurity bill

The Media Institute of Southern Africa Zimbabwe ('MISA Zimbabwe') published, on 19 May 2020, its commentary ('the Commentary') on the gazetted Cybersecurity and Data Protection Bill ('the Bill'). In particular, MISA Zimbabwe noted, among other things, that Sections 5 and 7 of the Bill seek to establish the Postal and Telecommunications Authority of Zimbabwe ('POTRAZ') as the Cybersecurity Centre and Data Protection Authority ('the Authority'), that the processing of sensitive information, including genetic data, health data, and biometric data is prohibited, and that, under Section 19 of the Bill, in case of a security breach, the data controller should notify the Authority without undue delay. In addition, MISA Zimbabwe highlighted that under the Bill, data controllers are obliged to appoint a data protection officer ('DPO') and to notify the Authority before undertaking any wholly or partly automated operation. Moreover, MISA Zimbabwe noted that the Bill criminalises the use of a computer or information system to avail, broadcast, and distribute data while knowing that said data is false. Lastly, MISA Zimbabwe called for further refinement of the law to bring it in line with international policy guidelines on cybersecurity and data protection.  

You can read the Commentary here