Data Protection Act implementation set for October
Four years after it was passed, the Data Protection Act is finally expected to come into play in October.
Speaking at a cyber security seminar on Monday, Data Protection Commissioner, Kepaletswe Somolekae told guests the Act is meant to regulate the protection of personal data and ensure individuals’ privacy in relation to their personal data is maintained.
Further, it will serve to establish the Information and Data Protection Commission, charged with ensuring the Act’s effective application and compliance.
The Commissioner is empowered to obtain from the data controller, on request made in writing, any information or documentation relating to the processing of personal data, and security safeguards of such processing.
Any person who does not comply with the Commissioner’s request would have committed an offence under the Act, and would be liable to a fine not exceeding P100, 000 or to imprisonment for up to three years, or both.
In terms of application, Somolekae explained The Act shall apply to personal information entered by or for a data controller.
However, she pointed out that the Act has limitations in terms of application and does not apply to the processing of personal data in the course of purely personal or household activities.
The Act would also not apply in the processing of personal data by or on behalf of the State where the processing involves national security, defence or public safety, and where the processing is for the prevention, investigation or proof of offences.
The Data Protection Act would further not apply if the data is for economic or financial interest, including monetary, budgetary and matters relating to tax.
The Act, however, is exempt from application to the processing of personal data by or on behalf of the state, to the extent that adequate security safeguards have been established in specific legislation for the protection of such personal data.