No. 3 Data Protection (Published 2nd February, 2024) Act No. 3 of 2024 I assent Dr. Lazarus Mccarthy chakwera PresIDent 31st January, 2024 sectIOn arranGeMent OF sectIOns Part I—PreLIMInary 1. short title and commencement 2. Interpretation 3. application 4. 5. 6. 7. Part II—aDMInIstratIOn Designation of Data Protection authority Functions of the authority Powers of the authority advisory committees Part III—PrIncIPLes reLatInG tO the PrOcessInG OF PersOnaL Data 8. Personal data to be processed lawfully, fairly, etc. 9. Purpose limitation 10. Data minimization 11. Data accuracy 12. storage limitation 13. Data integrity and data confidentiality 14. Principles for determining the validity of consent 15. Provision of information to a data subject 16. Processing of sensitive personal data 17. Processing personal data of children and other legally incapacitated persons 1

Select target paragraph3