By Khulile Thwala
The government of Eswatini is taking steps to ensure citizens’ data is protected at all times.
This momentous turning point for Eswatini was announced by the Ministry of Information, Communication and Technology (ICT) when it appointed the Eswatini Communications Commission (ESCCOM) as the country’s Data Protection Authority.
In her remarks, Minister of ICT Princess Sikhanyiso said ESCCOM had been designated to perform the functions of the Eswatini Data Protection Authority and they did not doubt that as a seasoned regulatory body, ESCCOM would live up to this task.
Worth noting is that the Data Protection Act was enacted in March 2022. ESCCOM has therefore been seized with the powers to administer the Act and enforce compliance.
“This is all new for the country and as you implement the data protection requirements, you will realise that it is for our own good and for the good of the country and will reinvigorate consumer trust in our processes as
well as boosting investor confidence. Having joined a number of other countries in making a commitment towards the protection of personal information,” said the minister.
The protection of personal information is a daunting task owing to the various parties that are involved in the processing of personal data and the rights of the citizens at stake.
It is imperative therefore that there be laws and procedures in place guiding the processing of personal information by all these parties, and most importantly, there has to be a regulatory authority to enforce compliance with the laws and procedures, as well as give guidance towards full compliance.
ESCCOM CEO Mvilawemphi Dlamini says the Act refers to citizens as data controllers or data processors depending on the level at which they process personal data.
“It refers to individuals whose data is being processed as data subjects, and further guarantees those subjects with certain inviolable rights. The Act refers to the Commission in a rather different way from what you have known the Commission to be, it expands its mandate and designates the Commission as the Eswatini Data Protection Authority responsible for administrating the Act and ensuring compliance, but
mostly to ensure that personal information is processed lawfully, and that the rights of data subjects are protected,” he said.
“As the newly established Data Protection Authority, our vision is to be a relevant and effective regulatory body which will create an open society in which individuals feel confident that their right to personal data protection is safeguarded whilst also enjoying their right to freedom of information. We are of the view that privacy is not a nice to have but a necessity.”
Meanwhile, the Ministry of ICT is yet to draft the necessary regulatory frameworks and input of key stakeholders including the public will be required.
By Khulile Thwala