MALAWI'S DATA PROTECTION AND
PRIVACY POLICY
Contents
1. Introduction...........................................................................................1
2. Definitiions.............................................................................................2
3. Law and Authority.................................................................................2
4. Functions...............................................................................................3
5. Registration...........................................................................................3
6. Legal Bases............................................................................................3
7. Data Subject’s Rights............................................................................3
8. Data Transfer.........................................................................................3
9. Electronic Marketing..............................................................................4
10. Data Security.......................................................................................4
11. Data Protection Officer (DPO)..............................................................4
12. Data Breach Notification:...........................................................................4
13. Data Retention...........................................................................................4
14. Exceptions to the Rights of Persons:..........................................................5
15. Penalties and Enforcements......................................................................5
Conclusion....................................................................................................6
1. Introduction
Done: Omiat Abel
, Malawi's Data Protection Act was enacted in 2024, establishing a
comprehensive legal framework to protect personal data and regulate how
organizations process it. The law defines key concepts such as personal data
(any information relating to an identifiable person), processing (any
operation performed on data, such as collection, storage, or dissemination),
and data subjects (the individuals whose data is being processed). The Act
emphasizes the importance of consent, transparency, and accountability in
data processing to safeguard individuals' privacy rights
2. Definitiions
Malawi's Data Protection Act (2024) establishes key definitions to regulate
the processing of personal data and protect individuals' privacy. The Act
introduces several important terms:
Personal Data: Any information relating to an identified or identifiable
natural person. This can include names, identification numbers,
location data, or any other data that could identify a person directly or
indirectly.
Data Subject: The individual whose personal data is being processed.
This can be anyone who provides personal information, such as
consumers, employees, or citizens.
Processing: Any operation performed on personal data, whether by
automated or manual means. This includes collection, recording,
storage, adaptation, retrieval, and dissemination of data.
Data Controller: The entity (individual, organization, or public body)
that determines the purposes and means of processing personal data.
The data controller is responsible for ensuring compliance with the Act.
Data Processor: Any individual or organization that processes data
on behalf of the data controller. Processors act under the controller’s
authority and instructions, managing data for specific purposes.
Consent: A freely given, informed, and explicit agreement by the data
subject to allow the processing of their personal data for specific
purposes. Consent must be revocable and well-documented.
3. Law and Authority
Malawi's Data Protection Act is enforced by the Malawi Communications
Regulatory Authority (MACRA), which is responsible for ensuring that
organizations comply with the law and overseeing data protection practices.
MACRA acts as the Data Protection Authority (DPA), tasked with
Done: Omiat Abel
PRIVACY POLICY
Contents
1. Introduction...........................................................................................1
2. Definitiions.............................................................................................2
3. Law and Authority.................................................................................2
4. Functions...............................................................................................3
5. Registration...........................................................................................3
6. Legal Bases............................................................................................3
7. Data Subject’s Rights............................................................................3
8. Data Transfer.........................................................................................3
9. Electronic Marketing..............................................................................4
10. Data Security.......................................................................................4
11. Data Protection Officer (DPO)..............................................................4
12. Data Breach Notification:...........................................................................4
13. Data Retention...........................................................................................4
14. Exceptions to the Rights of Persons:..........................................................5
15. Penalties and Enforcements......................................................................5
Conclusion....................................................................................................6
1. Introduction
Done: Omiat Abel
, Malawi's Data Protection Act was enacted in 2024, establishing a
comprehensive legal framework to protect personal data and regulate how
organizations process it. The law defines key concepts such as personal data
(any information relating to an identifiable person), processing (any
operation performed on data, such as collection, storage, or dissemination),
and data subjects (the individuals whose data is being processed). The Act
emphasizes the importance of consent, transparency, and accountability in
data processing to safeguard individuals' privacy rights
2. Definitiions
Malawi's Data Protection Act (2024) establishes key definitions to regulate
the processing of personal data and protect individuals' privacy. The Act
introduces several important terms:
Personal Data: Any information relating to an identified or identifiable
natural person. This can include names, identification numbers,
location data, or any other data that could identify a person directly or
indirectly.
Data Subject: The individual whose personal data is being processed.
This can be anyone who provides personal information, such as
consumers, employees, or citizens.
Processing: Any operation performed on personal data, whether by
automated or manual means. This includes collection, recording,
storage, adaptation, retrieval, and dissemination of data.
Data Controller: The entity (individual, organization, or public body)
that determines the purposes and means of processing personal data.
The data controller is responsible for ensuring compliance with the Act.
Data Processor: Any individual or organization that processes data
on behalf of the data controller. Processors act under the controller’s
authority and instructions, managing data for specific purposes.
Consent: A freely given, informed, and explicit agreement by the data
subject to allow the processing of their personal data for specific
purposes. Consent must be revocable and well-documented.
3. Law and Authority
Malawi's Data Protection Act is enforced by the Malawi Communications
Regulatory Authority (MACRA), which is responsible for ensuring that
organizations comply with the law and overseeing data protection practices.
MACRA acts as the Data Protection Authority (DPA), tasked with
Done: Omiat Abel
