Cyber and Data Protection Act (Zimbabwe)
CDPA Compliance vChapter 12:07 (2021)
About
Zimbabwe Cyber and Data Protection Act [Chapter 12:07].
The Cyber and Data Protection Act, Chapter 12:07 (CDPA) is Zimbabwean legislation enacted in December 2021 that consolidates the country's framework for cybercrime, electronic transactions, and personal data protection in a single statute. The Act amends the Postal and Telecommunications Act and designates the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) as the Data Protection Authority, while establishing a Cyber Security Centre to coordinate response to cyber incidents.
The data-protection part of the Act introduces principles familiar from the EU GDPR and South African POPIA: lawful and fair processing, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. It establishes data-subject rights of access, correction, and objection, and requires data controllers to register with POTRAZ and to notify breaches. The cybercrime part criminalises offences such as hacking, unauthorised data interception, transmission of intimate images without consent, and electronic forgery.
For heritage and archival institutions in Zimbabwe, the CDPA imposes obligations whenever personal information about donors, researchers, depositors, or staff is processed, and shapes how digital collections containing identifying material may be made available online.
[Editor draft - based on canonical knowledge of the Act; verify against the Government of Zimbabwe Gazette before applying to compliance decisions.]
The data-protection part of the Act introduces principles familiar from the EU GDPR and South African POPIA: lawful and fair processing, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. It establishes data-subject rights of access, correction, and objection, and requires data controllers to register with POTRAZ and to notify breaches. The cybercrime part criminalises offences such as hacking, unauthorised data interception, transmission of intimate images without consent, and electronic forgery.
For heritage and archival institutions in Zimbabwe, the CDPA imposes obligations whenever personal information about donors, researchers, depositors, or staff is processed, and shapes how digital collections containing identifying material may be made available online.
[Editor draft - based on canonical knowledge of the Act; verify against the Government of Zimbabwe Gazette before applying to compliance decisions.]
Details
- Issuing body POTRAZ / Parliament of Zimbabwe
- Current version Chapter 12:07
- Publication year 2021
- Sector applicability Archive Library Museum Gallery Dam