eSwatini: Data Protection Act introduced
On 4 March 2022, the eSwatini Data Protection Act 41 of 2022 came into force. The purpose of the Act is to provide for the collection, processing, disclosure, and protection of personal data and to align the need to protect personal information privacy with other sector-specific laws.
The Act applies to data controllers and data processors who use automated means in Eswatini to process personal information.
The Act:
- Establishes a Commission to administer the Act;
- Empowers the Commission to impose sanctions, such as administrative fines, for contraventions of the Act;
- Outlines how personal information must be processed and kept;
- Sets out the circumstances in which processing of personal information may occur, such as with the consent of the data subject, in the performance of a contract or legal obligation, to protect the legitimate interests of the data subject/controller, or in the performance of a public law duty;
- Outlines the requirements for the retention of personal data;
- Emphasises the importance of security measures to protect personal information and requires data controllers to notify the Commission and data subject in the event of an unauthorised data security breach;
- Empowers a data subject to request access to their personal information held by a data controller free of charge.
The Data Protection Act can be accessed here.