Ask Reggi Your Question Now
Can you summarize Data Protection Act, 2021 (in English)?
Zambia Laws - Others > Data Protection Act, 2021 (in English)
Short Summary
The Data Protection Act, 2021 is a comprehensive legislation that regulates the use and protection of personal data in Zambia. It establishes the Office of the Data Protection Commissioner and defines its functions, including the registration and licensing of data controllers, data processors, and data auditors. The Act sets out principles and rules relating to the processing of personal data, such as obtaining consent, processing of sensitive personal data, and collection of personal data. It also outlines the duties of data controllers and data processors, including record-keeping, data protection impact assessments, and security of processing. The Act grants rights to data subjects, such as the right of access, rectification, erasure, objection, and data portability. It also addresses the transfer of personal data outside the Republic and provides for general provisions, including offences, penalties, and the establishment of a register. Non-compliance with the Act may result in significant fines and penalties.
Whom does it apply to?
The Data Protection Act, 2021 applies to data controllers, data processors, data auditors, and individuals whose personal data is being processed.
What does it govern?
The Data Protection Act, 2021 governs the use and protection of personal data, the collection, use, transmission, storage, and processing of personal data, the establishment and functions of the Office of the Data Protection Commissioner, the registration and licensing of data controllers, data processors, and data auditors, the duties of data controllers and data processors, the rights of data subjects, and other related matters.
What are exemptions?
The Data Protection Act, 2021 provides exemptions for processing personal data in the interests of national security, defense, and public order, prevention, detection, investigation, and prosecution of contraventions of law, processing for the purpose of legal proceedings, research, archiving, or statistical purposes, and processing for journalistic purposes.
What are the Penalties?
The Data Protection Act, 2021 imposes penalties for non-compliance, including fines not exceeding one hundred million penalty units or two percent of annual turnover for body corporates, and fines not exceeding one million penalty units or imprisonment for a term not exceeding five years for natural persons.
Jurisdiction
Zambia