Firm Details

Armstrongs Attorneys
+267 395 3481
2nd Floor, Acacia House, Plot 74358, Cnr Khama Crescent Ext and P G Matante Road, New CBD
+267 395 2757
English, Setswana

The A-B-C’s of Achieving Compliance with the Data Protection Act

In the age of information technology, where the lifeline of a business is storing information in servers and the cloud, hackers are now increasingly accessing millions of data belonging to businesses and demanding ransom payments. This is now a growing trend in Botswana, with a few businesses having been on the receiving end of extortion by hackers.

We hope that will soon be combated as the Botswana business landscape braces for a new dawn once the Data Protection Act of Botswana (“DPA”), which was passed into law on 15 October 2021, becomes fully in force after 14 October 2024.

The DPA’s main objective is to ensure that personal data is processed in a lawful manner. In this regard, personal data is defined as information relating to an identified or identifiable individual, which can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural, or social identity.

The DPA also seeks to protect individuals against unlawful processing of their sensitive personal data. This includes personal data that reveals, among other things, an individual’s racial or ethnic origin, physical or mental health, membership of a trade union, personal financial information, political opinions, genetic data, biometric data, and personal data of minors, among others.

With this in mind, businesses, especially those which deal with a great deal of people’s information, have a few months to ensure that they will be compliant with the DPA.

The big question, however, is how can a business accomplish this. First of all, you need an experienced team of lawyers with commanding experience in dealing with data protection law solutions and also to elect an internal resource which will lead the implementation project for your business.

At a very high level, the process essentially comprises:

  • The starting point is a risk assessment exercise which will be conducted on the business, particularly the business activities that pertain to the processing of personal data. This includes assessing information provided from completed data protection information gathering surveys and related documentation. This is typically called the gap analysis stage;
  • The purpose is to determine existing compliance levels and risks in regard to non-compliance in the business operations. The results of the process are captured in a report that breaks down the business’s level of compliance as it relates to the 8 principles of the data lifecycle;
  • Preparation of all relevant data processing policies (internal and external privacy policies, records retention and destruction policies, cookie policy, information security policies), procedures (privacy impact assessment procedures, data breach response procedure), agreements (data processing agreements, cross-border data transfer agreements), privacy forms and templates, and other compliance documentation required to embed DPA compliance in the business, and assistance with the setup of relevant governance forums and procedures/terms of reference for various governance structures to manage ongoing data protection compliance;
  • Addressing and managing all key compliance and legal risks to the business with the implementation and operationalization of the DPA; and
  • Setting up an information repository along with preparation of an overall compliance manual and compliance documentation and procedures to manage ongoing DPA compliance within the business, including conducting ongoing data privacy impact assessments.

To this end, we urge your business (especially if you handle large amounts of personal data) to do the needful to become exemplary in data protection compliance.

For more information on the above, contact LEX Africa member from Armstrongs in Botswana, Mr. Simon Bathusi at simon@armstrongs.bw or call +267 395 3481.

Media

Explore our news articles, specialist publications and browse through our webinars and gallery

What We Do

Explore our range of expertise, and see how we can help you.
Banking, Finance, Investment Funds & Private Equity
Business Crimes & Investigations
Competition Law
Construction & Engineering
Corporate Mergers & Acquisitions
Cyber Law, Block chain & Technology
Dispute Resolution
General Business Law
Healthcare and Life Sciences
Infrastructure, Energy & Projects
Insolvency & Business Restructuring
Intellectual Property
Labour & Employment
Local Investment Laws and Indigenisation
Media, Broadcasting & Communications
Mining, Environmental & Resources
Property Law and Real Estate
Tax

Member Countries

Explore our member firms by country

Algeria
Angola
Botswana
Burkina Faso
Cameroon
DRC
Egypt
Equatorial Guinea
Eswatini
Ghana
Guinea Conakry
Ivory Coast
Kenya
Lesotho
Malawi
Mali
Mauritius
Morocco
Mozambique
Namibia
Nigeria
Rwanda
Senegal
South Africa
Tanzania
Tunisia
Uganda
Zambia
Zimbabwe