Précédent 2 / 30 Next

2 Data Protection sectIOn 18. 19. 20. 21. 22. 23. 24. 25. 26. No. 3 Processing of personal data relating to criminal offences, convictions, etc. Part IV—rIGhts OF a Data suBJect right to access personal data right to data portability right to rectification of personal data right to erasure of personal data right to restriction of processing personal data right to object automated decision-making Derogations Part V—DutIes OF a Data cOntrOLLer anD Data PrOcessOr 27. adherence to data protection principles 28. technical and organizational measures 29. record of personal data processing activities 30. Data protection impact assessment 31. Joint data controllers 32. regulation of the relationship between data controllers and data processors 33. Designation of a data protection officer 34. Duties of a data protection officer Part VI—Data securIty 35. security of personal data 36. notification of personal data breach 37. communication of personal data breach to data subjects Part VII—crOss-BOrDer transFers OF PersOnaL Data 38. cross-border transfer of personal data 39. adequacy of protection of personal data 40. Binding corporate rules, certification mechanisms, etc. Part VIII—reGIstratIOn OF Data cOntrOLLers OF MaJOr IMPOrtance anD Data PrOcessOrs OF MaJOr IMPOrtance 41. registration of data controllers of significant importance and data processors of significant importance 42. suspension or cancellation of registration 43. exemptions

Sélectionner le paragraphe cible3

● ● ●

The Data Protection Act 2024.

Law

Status of Law: Final/Active/Current

Country

Malawi

Country Location

Latitude: -13.235028216585723

Longitude: 33.91714876714785

Country Location (Lié Law): Malawi

Keywords

Privacy
Privacy, Data Protection and Retention

Adoption Date: 2 févr. 2024

Type of Law: Legislation

Research Category: II Fundamental Rights and Freedoms

Institution that Established this Law: Malawian Parlimanet

Institution Established by this Law: Data Protection Authority

Is this the Official Copy?: Yes

Source Name and URL: MALAWI.GOV

Notes: The Act is organized into ten distinct parts. It begins with preliminary matters, setting the stage by defining key terms such as "data controller," "data processor," "personal data," and "sensitive personal data." These definitions are crucial as they delineate the scope and applicability of the Act, ensuring that all stakeholders have a clear understanding of their responsibilities and the data subjects' rights.

The administration of the Act is designated to the Malawi Communications Regulatory Authority, identified as the Data Protection Authority. This body is endowed with broad functions and powers, from developing data protection guidelines to promoting public awareness and ensuring compliance through the ability to issue compliance orders.

One of the core elements of the Act is the set of principles governing data processing. These principles emphasize lawful, fair, and transparent processing, along with purpose limitation, ensuring that data is collected for explicit and legitimate purposes and not used in ways incompatible with those original purposes. Additionally, the principles of data minimization and accuracy dictate that only necessary data is collected and that it remains accurate and up-to-date.

The rights of data subjects are robustly protected under the Act. Individuals have the right to access their data, request corrections, and even demand the deletion of their data under certain circumstances. They can also restrict processing or object to the processing of their data, particularly in cases where the processing does not align with the data protection standards set out in the Act.

Duties of data controllers and processors are clearly outlined, focusing on compliance with the data protection principles and the secure handling of personal data. Data controllers are required to perform data protection impact assessments for processing activities that pose high risks to the rights and freedoms of individuals, emphasizing the Act's preventative approach.

Data security is another critical area addressed by the Act. It mandates controllers and processors to implement suitable technical and organizational measures to safeguard personal data. This includes obligations to notify the Data Protection Authority and affected individuals in the event of a data breach.

Cross-border data transfers are strictly regulated, prohibiting the transfer of personal data outside Malawi unless adequate protections are in place. This ensures that personal data is not subjected to jurisdictions with lax data protection standards.

Significant data controllers and processors must register with the Data Protection Authority, a measure aimed at ensuring that entities handling large volumes of data or sensitive information maintain high data protection standards.

Finally, the Act provides mechanisms for complaints and legal redress, allowing individuals to lodge complaints with the Data Protection Authority if they believe their data has been mishandled. It also outlines penalties for non-compliance, emphasizing the Act's enforceability.

Related Analysis

AU DATA POLICY FRAMEWORK

Collection

CIPIT

Date Updated: 6 mai 2024

Complete Name: Data Protection Act [Act No.3 of 2024]

Documents principaux

Data Protection Act 2024.pdf
English
Télécharger Vue