Judith Phiri, Zimpapers Business Hub
ZIMBABWE’S corporate sector has been urged to implement data protection principles in its operations as these are crucial for legal compliance, maintaining trust and safeguarding sensitive information.
The core principles of data protection include lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (security) and accountability.
The clarion call comes at a time when cyber threats continue to escalate across Africa, Zimbabwe included, underscoring the urgent need to strengthen cybersecurity infrastructure and data protection frameworks nationwide.
Speaking at the just-ended Computer Society of Zimbabwe (CSZ) Winter School, Cybernesis managing consultant, Mr Taz Chikwakwata, said that by adhering to data protection principles, organisations could build a strong foundation for data protection, fostering trust with individuals and mitigating the risks associated with data breaches and non-compliance.
“In Zimbabwe, companies are now required to designate within their rank and file a data protection officer (DPO) to enhance data protection measures.
“DPOs are responsible for overseeing an organisation’s compliance with data protection laws and regulations. They act as a point of contact for data subjects and the Data Protection Authority,” he said.
He said that following the introduction of Statutory Instrument (SI) 155 of 2024, new regulations on data protection licensing and data protection officers in Zimbabwe came into effect.
Mr Chikwakwata said the Postal and Telecommunications Regulatory Authority of Zimbabwe (Potraz) had also laid out its enforcement roadmap for data protection compliance.
“This signals a structured yet firm approach to ensuring adherence to the Cyber and Data Protection Act (CDPA). With a mix of advisory measures and escalating penalties, the regulator aims to foster a culture of accountability among data controllers while cracking down on persistent violators,” he added.
He added there was a clear timeline of enforcement actions, beginning with voluntary compliance measures in 2025 and culminating in stricter penalties, including fines and criminal sanctions by 2026.
As a cybersecurity and information technology (IT) management professional with over 15 years of experience, Mr Chikwakwata encouraged organisations to voluntarily comply before resorting to punitive measures, as some businesses were still adapting to data protection requirements.
Cybersecurity expert, Mr Isheanesu Sithole, emphasised the need for conducting a data protection risk assessment and developing mitigation strategies.
He said these involved systematically identifying, analysing, and addressing potential threats to personal data.
“This process helps organisations comply with data protection regulations, protect sensitive information and minimise the impact of data breaches.
“By adopting a practical approach, businesses can effectively secure their data, identify and mitigate risks and maintain compliance,” he said.
“Understanding the various factors that contribute to privacy risk, such as inadequate technical measures, social media attacks, negligence and the lack of encryption, is crucial in managing data protection effectively.”
The winter school was themed: “Building Cyber Resilience: Data Protection in the Face of Evolving Threats”, raising awareness on cybersecurity, digital forensics and robotic process automation among other ICT-related issues.



