News / National
Data crackdown looms: Potraz targets unlicensed data handlers
6 hrs ago |
183 Views
The Postal and Telecommunications Regulatory Authority of Zimbabwe has issued a strong warning to organisations still processing personal data without a licence, urging immediate compliance with the country's data protection laws.
In Regulatory Notice 1 of 2026, the authority reminded businesses and individuals that the mandatory licensing requirement, introduced under the Cyber and Data Protection Act, came into force following the promulgation of Statutory Instrument 155 of 2024. Under the regulations, all entities that process personal data were required to obtain a Data Controller Licence by March 12, 2025.
However, POTRAZ expressed concern that some organisations continue to operate without the necessary authorisation, despite the expiry of the compliance deadline. As the designated Data Protection Authority under the Act, POTRAZ said it is now moving to enforce full compliance.
The licensing requirement applies to both natural and legal persons that process personal data within Zimbabwe or from abroad, including through print, electronic, surveillance and biometric systems. The regulator stressed that all non-exempt entities must regularise their operations immediately by applying for an initial licence or renewing an existing one.
POTRAZ emphasised that licensing is not merely a legal obligation, but a key indicator of an organisation's commitment to protecting the personal data of its stakeholders.
"Licensing as a Data Controller is not just a statutory obligation; it is a demonstration of your commitment to safeguarding personal data entrusted to you by all your stakeholders," the authority noted, urging organisations to act without delay.
To facilitate compliance, POTRAZ has provided an online application platform for licences and offered direct contact channels for guidance and support. The authority also encouraged all affected organisations to ensure they meet the requirements of the law to avoid potential enforcement action.
The notice signals a tightening regulatory environment as Zimbabwe continues to strengthen oversight of data protection and privacy in line with global standards.
In Regulatory Notice 1 of 2026, the authority reminded businesses and individuals that the mandatory licensing requirement, introduced under the Cyber and Data Protection Act, came into force following the promulgation of Statutory Instrument 155 of 2024. Under the regulations, all entities that process personal data were required to obtain a Data Controller Licence by March 12, 2025.
However, POTRAZ expressed concern that some organisations continue to operate without the necessary authorisation, despite the expiry of the compliance deadline. As the designated Data Protection Authority under the Act, POTRAZ said it is now moving to enforce full compliance.
The licensing requirement applies to both natural and legal persons that process personal data within Zimbabwe or from abroad, including through print, electronic, surveillance and biometric systems. The regulator stressed that all non-exempt entities must regularise their operations immediately by applying for an initial licence or renewing an existing one.
"Licensing as a Data Controller is not just a statutory obligation; it is a demonstration of your commitment to safeguarding personal data entrusted to you by all your stakeholders," the authority noted, urging organisations to act without delay.
To facilitate compliance, POTRAZ has provided an online application platform for licences and offered direct contact channels for guidance and support. The authority also encouraged all affected organisations to ensure they meet the requirements of the law to avoid potential enforcement action.
The notice signals a tightening regulatory environment as Zimbabwe continues to strengthen oversight of data protection and privacy in line with global standards.
Source - Byo24News
Join the discussion
Loading comments…
