Join our community for free to access exclusive whitepapers, reports, and regulatory information.
By signing up you agree to OneTrust DataGuidance's Terms and Conditions and Privacy Policy.
Already have an account? Log in
Already have an account? Log In
21 October 2021OneTrust DataGuidance confirmed, on 20 October 2021, with Senwelo Monise, Associate Attorney at Botlhole Law Group, and Lesedi Dingake, Associate at Desai Law Group, that It was announced, on 15 October 2021, in the Botswana Government Gazette, that the Data Protection Act (Act No. 32 of 2018) ('the Act') came into effect, upon the issuance of the Data Protection Act (Commencement Date) Order 2021 by the Minister of Presidential Affairs, Governance and Public Administration. Monise stated, "The material scope of the Act is undoubtedly personal data. Its territorial scope on the other hand extends to personal data entered into a file for a data controller established in Botswana or not established in Botswana but makes use of processing means situated within Botswana. The household exemption is applicable to personal data processed for purely personal and household activity."
On the responsibilities of data controllers and processors under the Act, Monise highlighted, "Data controllers and data processors in processing personal data have to take into consideration the lawfulness and fairness of processing, purpose limitation, retention limitation, data minimisation, relevance and adequacy of personal data, integrity and confidentiality of personal data. The lawful basis for processing sensitive personal data is distinguished from the lawful basis for processing any other personal data that are no sensitive in terms of the Act. By virtue of the Act the data subject is afforded the right to be informed, the right to access, the right to be given reasons if the access is denied, the right to object and revocation of consent and the right to raise a challenge for purposes of deletion and amendment. Unlike the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), the data subjects are not afforded the right to data portability. Its contrast with the GDPR also relates the establishment of the Data Protection Representative instead of the Data Protection Officer, the responsibilities are however similar."
Lastly, Monise confirmed that the Act's transition period is 12 months from the date of commencement and will automatically end on 15 October 2022, meaning that data controllers, including companies, have to start their compliance journey now.
You can read a portion of the Government Gazette here and the Act here.
