By 
By Ross Moyo
Zimbabwe’s Cyber and Data Protection Act [Chapter 12:07] is poised for data protection in the country. The Act provides a framework for the protection of personal information and the regulation of data processing.
The media is not automatically exempt from the application of the CDPA in totality. According to Tsitsi Mariwo, POTRAZ Director Data Protection, “The Act applies to any organisation that processes personal information relating to living individuals, including media institutions.”
“The CDPA strengthens responsible journalism; it does not weaken it,” said Mariwo, emphasizing the importance of balancing freedom of expression and the right to privacy.
The Act outlines key provisions, including the designation of POTRAZ as the Data Protection Authority, data protection principles, rights of data subjects, and obligations of controllers.
Media institutions are required to implement clear data protection policies, train staff on lawful processing, and conduct risk assessments when handling sensitive data.
The Act also provides exemptions applicable to all data controllers, including defence of a legal claim, meeting a legal obligation, and performing a task carried out in the public interest.
Journalists and editors must balance public interest vs privacy and document reasoning for exceptions. Incident response protocols for data breaches are also essential.
Staying updated on local and international data protection regulations is crucial for media institutions.
Comments