Privacy Law at Botswana
Botswana's Data Protection Act 18 of 2024 came into effect on 14 January 2025, replacing the earlier 2018 legislation. This updated law establishes a comprehensive framework for the protection of personal data, emphasizing transparency, accountability, and individual rights.
📌 Key Provisions of the Data Protection Act 18 of 2024
1. Scope and Applicability
Domestic and International ReachThe Act applies to all entities processing personal data in Botswana, as well as to foreign entities offering goods or services to individuals in Botswana or monitoring their behavior within the country
Exemptions:The Act does not apply to personal or household data processing, national security activities, or processing for journalistic, artistic, or literary purposes
2. Data Subject Rights
Individuals are granted the following rights:
Access:Right to access personal data held by data controllers
Objection and Restriction:Right to object to or restrict the processing of personal data
Data Portability:Right to receive personal data in a structured, commonly used, and machine-readable format
Protection from Automated Decisions:Right to not be subject to decisions made solely based on automated processing
3. Obligations of Data Controllers and Processors
Lawful Processing:Personal data must be processed lawfully, fairly, and transparently
Data Protection by Design and by Default:Implement appropriate technical and organizational measures to ensure data protection principles are integrated into processing activities
Data Protection Impact Assessments (DPIAs):Conduct DPIAs for processing activities that may result in high risks to individuals' rights and freedoms
Appointment of Data Protection Officers (DPOs)Appoint DPOs for large-scale or sensitive data processing activities
4. Data Breach Notification
Notification to the Commission:Data controllers must notify the Information and Data Protection Commission within 72 hours of discovering a data breach
Notification to Data Subjects:Affected individuals must be informed without undue delay if the breach poses a high risk to their rights and freedoms
5. Cross-Border Data Transfers
Conditions for Transfer:Transfers of personal data outside Botswana are permitted only to countries or organizations that provide adequate data protection measures or under specific safeguards, such as binding corporate rules or standard contractual clauses
Data Localization: copy of the personal data must be retained in Botswana during the processing period
6. Penalties for Non-Compliance
Administrative Fines:Fines up to BWP 50 million or 4% of global turnover, whichever is higher, for violations related to basic processing principles, data subject rights, and cross-border data transfers
Criminal Penalties:Imprisonment for up to 12 years and fines up to BWP 1 million for serious violations, such as unauthorized processing of sensitive personal data
🏛️ Enforcement Authority
The Information and Data Protection Commission is responsible for overseeing compliance with the Data Protection Act, providing guidance, and enforcing its provision.
✅ Summary
Botswana's Data Protection Act 18 of 2024 establishes a robust legal framework for the protection of personal data, aligning with international standards such as the EU's GDP. Organizations operating in Botswana or processing the personal data of individuals in Botswana must ensure compliance with the Act to safeguard individuals' privacy rights and avoid potential penaltie.
RELATED Blog
0 comments