EZULWINI – The Eswatini Communications Commission (ESCCOM) designated as the Eswatini Data Protection Authority (EDPA) through the Data Protection Act, 2022, has awarded registration certificates to 19 more companies.
This occurred on Thursday, June 6, 2024, at the Royal Villas in Ezulwini during a breakfast meeting the authority held with representatives of the organisations awarded.
In his remarks, ESCCOM Chief Executive Officer (CEO) Mvilawemphi Dlamini who also heads the EDPA, thanked the data controllers and data processors present at the event. He mentioned that the last time they met in this fashion was in April when they handed over the first registration certificates under the Data Protection Act 2022, to 14 entities.
“You are the second batch of data controllers and data processors to receive registration certificates since we opened the window period on March 1, 2024. As the EDPA we are pleased to observe the positive uptake of the registration process and the way entities have embraced this compliance requirement. Besides that the registration is one of the legal requirements of the Act, it is also a simple way of informing the Authority that as an entity you are processing personal information, the categories of information you process, the technical and organisational measures you have in place to protect the integrity of the personal data you process, amongst other things,” he said.
Dlamini added that registration was therefore one of the biggest steps in complying with the Act and all the awarded organisations had already put one foot on the pedestal and riding with them on the train to compliance. Compliance with the data protection Act, he said, will boost their brand and gain trust from the public.
“The public who are your data subjects will have confidence that their personal data in your possession is safe from unauthorised access or disclosure. We have noted the diversity in the entities that will receive certificates as you come from different sectors, such as utilities, local municipalities, insurance, banking, telecommunications, and Fintechs, recreational and entertainment, social security, health and regulators, amongst others,” he said.
He highlighted that some of these entities process vast amounts of personal data daily, including sensitive data, and their commitment to comply was greatly appreciated by the EDPA. The CEO said they were grateful that the various lines of business have realised that they were processing personal data, and have to comply with the Act, either as data controllers or data processors.
“We would like to also take the opportunity to commend ESHERC as a regulator for institutions of higher education for leading by example and we trust that they will also encourage the institutions they regulate to register before the end of the registration period. We also encourage other data controllers and data processors to follow suit and grab the registration opportunity within the registration window period ending September 30, 2024.”
He said the online registration has been made easy, testament was the number of account activation and registration, and said they still made a call to those who have not yet paid their registration fees to do so in order to be issued with registration certificates. He said they wanted to extend their special gratitude to the media who had assisted the EDPA in carrying out the message and encouraging entities to comply and these messages had resulted on the day’s event.
“To the recipients, we assure you that the EDPA will provide you with all the regulatory support you may need on your journey to compliance as our approach is to create an enabling environment for you to comply. We will continue to issue regulatory frameworks now and again in the form of directives, guidelines, decisions, codes and other incidental frameworks aimed to create such an environment and, in this process, we will always require your participation and input. Our message to everyone is ‘if you can’t protect it, don’t collect it’.”
Meanwhile, data protection is the process of safeguarding important data from corruption, unlawful disclosure, compromise or loss and providing the capability to restore the data to a functional state should something happen to render the data inaccessible or unusable. Data protection rules apply to personal data that can identify individuals, such as their name, ID number, email address, or their address. Therefore, data protection is essential for security, privacy, compliance, as well as for innovation and trust in today’s digital economy.
Data laws vary across countries and Eswatini has enacted the Data Protection Act, 2022 which designates Eswatini Communications Commission (ESCCOM) as the Data Protection Authority, guarantees rights of data subjects and lays down principles for the processing of personal information.
The Data Protection Act, 2022 designates Eswatini Communications Commission as the National Data Protection Agency, meaning the Commission is mandated to regulate how personal information is handled, investigate breaches in the handling of information and resolve any complaints relating to breaches. In doing so the Commission may issue any sanction available in terms of the Act and may as well impose administrative fines whilst enforcing the Act’s provisions.
The list of organisations awarded;
- The Tax Lab
- Mbabane Club
- Oracle Insurance
- Standard Bank
- United General Limited
- Workpay Africa
- Sincemphetelo MVA
- United Life Assurance Limited
- United Pay Limited
- Phoenix Swaziland
- Eswatini RE Limited
- Music Hertz
- Yati Printing
- Matsapha Town Council
- Eswatini Water Services Corporation
- Eswatini Mobile
- Eswatini Higher Education Council
- First National Bank
- MTN Fintech Services Eswatini
Discussion about this post