14 companies awarded data protection certificates
IN a significant move towards upholding data protection standards, 14 companies have recently been awarded data protection certificates by the Data Protection Act of 2022.
These companies were recognised for demonstrating their commitment to safeguarding data as registered data controllers and protectors. These companies are namely, Eswatini Communications Commission (ESCCOM), Instacash, Liberty Registrar, Young Enterprise Revolving Fund, Eswatini Post and Telecommunications Corporation (EPTC), Eswatini Royal Insurance Corporation (ESRIC), SNAT Savings and Credit Cooperative Society (SACCO), Ekuphileni Clinic, Foschini Swaziland, SwaziMed, Eswatini Bank, Chakaza Holdings, Ngwenya Glass, and Ezulwini Private Hospital.
The official ceremony to present the certificates took place at the ESCCOM boardroom on Tuesday morning. Chief Executive of ESCCOM Mvilawemphi Dlamini extended his congratulations to the awarded companies for their dedication to data protection excellence.
He said the event marks history in the making as this is issuing of the first-ever registration certificates under the Data Protection Act 2022, to 14 entities. This follows a call by ESCCOM to all data controllers and data processor to register with the authority. “Early this year we issued a decision on the registration of Data Controllers and Data processors which came into effect on March 1, 2024, with a registration window period ending September 30, 2024,” he said.
The CE revealed that the registration is based on the legal requirement of the Data Protection Act,2022 which enjoins the Commission in the exercise of its mandate as the Eswatini Data Protection Authority to establish and maintain a Register of data controllers and data processors. Registration is one of the biggest steps in complying with the Act.
This is a requirement not unique to Eswatini but best practice as well and common across many European and African countries already implementing their data protection Laws. Dlamini also urged companies that compliance should not be seen as a hindrance and cost to the company but should be viewed as a value add in that consumers/data subjects will have trust that their data which is at your disposal is secure and that you are legitimate data processors and data controllers duly registered with the EDPA.
“This is the beginning of a long journey to compliance, and we are happy that you have embarked on the first step and will continue to comply with other obligations as we go together through these unchartered waters of data protection,” the CE said.
Dlamini further urged companies to continue working closely with the EDPA and respond to consultation processes that may be required from time to time. He also urged other data controllers and data processors to follow suit and grab the registration opportunity available through the registration window period ending on September 30, 2024.
He further encouraged all those who have registered to complete the process by paying the prescribed registration fees so that they may also be issued their certificates. “Once again thank you all and we congratulate you for being the first group of entities to register in compliance with the Data Protection Act and you are now officially in the first Eswatini Register for Data Controllers and Data Processors,” he concluded.
Speaking on behalf of the recipients, Sifiso Dlamini, who is Head of Legal Services and Compliance at ESRIC, said appreciated the honour of being certified under data protection. He promised the commission to protect data integrity for consumers. He stated that this certification aligns with the ‘Nkwe’ movement, and they are committed to working hard. “We hope the commission will keep on supporting us as they have always done,” he said.
In today’s digital age, the protection of personal data has become a critical issue. As more and more businesses and organizations collect and process vast amounts of personal information, the roles of data controllers and data processors have come into focus.
Data controllers are entities that determine the purposes and means of processing personal data. They are responsible for ensuring that data processing activities comply with data protection regulations and that individuals’ rights are protected. Data controllers can be individuals, organizations, or businesses that collect personal data directly from individuals or other sources.
Data processors, on the other hand, are entities that process personal data on behalf of data controllers. They act on the instructions of data controllers and are required to follow strict guidelines to ensure the security and confidentiality of the data they process. Data processors can be third-party service providers, such as cloud storage providers or IT companies, that handle personal data on behalf of data controllers.