The Data Protection Act guides how personal information is to be handled or “processed”. It protects the handling of personal information whilst ensuring legal disclosure.
The Act has designated the Commission as the National Data Protection Agency, meaning the Commission is mandated to regulate how personal information is handled, investigate breaches in the handling of information and resolve any complaints relating to breaches. In doing so the Commission may issue any sanction available in terms of the Act and may as well impose administrative fines whilst enforcing the Act’s provisions.
Object: An Act to provide for the collection, processing, disclosure and protection of personal data and establishment of a Data Protection Agency
Application: The act applies to data processors and data controllers
Data Processor: A natural or legal person, or public body which processes personal information for and on behalf of a data controller and under the instructions of a data controller
Data Controller: A public/ private body which determines the purpose of and means for processing personal information, regardless of whether or not such data is processed by that party or by a data processor on its behalf, where the purpose and means of processing are determined by law
Data Protection Agency: The Act designates Eswatini Communications Commission (ESCCOM) as Data protection Agency (S.5)
Personal Information: Information about race, national or ethnic origin, region, age, marital status; Education, medical, criminal, employment, financial; Unique ID, symbol; Address, fingerprint, blood type.
Sensitive personal information: Genetic data, data related to children, data related to offences, criminal records or security measure, biometric data as well as if it is processed for what it reveals, personal information revealing ethnic or racial origin, political opinions or affiliations, religious or philosophical beliefs, affiliation, trade union membership, gender and data concerning health or sex life.
Processing: Means an operation or activity or set of operations whether or not by automatic means relating to: – Collection, receipt, recording, organization, collation, storage, updating, retrieval, modification, alteration, consultation or use; Dissemination through transmission, distribution or availing in any other for; Merging, linking, blocking, degradation, erasure or destruction of information.