Harare, (New Ziana) –The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) has, since the beginning of this year, certified more than 700 data protection officers as it cements its oversight role in strengthening and safeguarding governance of basic facts and figures.
POTRAZ director Gift Machengete said this at the signing of a Memorandum of Understanding (MoU) with the South African Information Regulator (SAIR) in Harare.
The MoU comes four years after Zimbabwe enacted the Cyber and Data Protection Act to protect individuals’ privacy and the security of data.
“We certified these data protection officers through a program that we have with a local university and the Harare Institute of Technology (HIT). We run this certification together with them. The idea was to ensure that the certificate that is eventually issued is held in high regard, hence, we had to engage reputable institutions of higher learning,” he said.
“When we give someone the Data Protection Officer (DPO) certificate, that document cannot be replicated elsewhere. The certificate is respected in the country’s education system,” he added.
Machengete said POTRAZ also handed over licenses to 570 data controllers from approved entities at its inaugural handover ceremony early last month.
In line with Statutory Instrument 155 of 2024, promulgated in September 2024 (Cyber and Data Protection (Licensing of Data Controllers and Appointment of Data Protection Officers) Regulations), all entities engaged in data processing were required to obtain data controller licences from POTRAZ by 12 March this year.
“After handing out these data controllers’ licences, we then decided to have a roadmap going forward. We resolved to help those who were non-compliant because we realised that punishing them would not lead to compliance,” said Machengete.
“At the end of the day, what we are interested in is compliance, not the funds that may be realised after making them pay fines. We are making them understand the importance of compliance, and our target is to have more data controllers licensed by October this year,” he added.
Machengete applauded Government Ministries and departments for being among the entities that embraced the call for data controllers to be licensed.
“When we started licensing these data controllers, we believed that we would have some serious problems with the public sector, but I am happy to say that they are already on board. That has been a milestone,” he said, adding 45 data breaches had been received as of the end of June.
“Although the reports of data breaches that we received did not involve big cases, it was good progress. That is why we are passionate about collaborating with SAIR, and we believe that the regulator will assist us as we move forward.
“As POTRAZ, we are a triple regulator. We regulate telecommunications, and we started regulating in 2001.We are still moving towards G4 regulation maturity. Right now, we are still at the G3 stage for the simple reason that we are not yet a converged regulator.
We still have broadcasting on its own, and that is the same for telecommunications. When the International Telecommunications Union (ITU) classifies a data user, it looks at that. Convergence will help us to become an efficient regulator,” he said.
New Ziana
