Southern Africa: SADC Secretariat Fully Complies With International Best Practices On Protection of Personal Data

document

This was validated by the recent audit report for the period of November 2021 - October 2022 produced by Deloitte Reviseurs d'Enterprises which found the SADC Secretariat to be fully compliant. The EU conducts Pillar Assessments in order to evaluate whether to fund or conclude specific agreements with organisations such as SADC. This particular audit sought to assess if the SADC Secretariat complied with Pillar 9 which is a criterion set by the European Union to protect personal data privacy and security.

Personal data means any information such as personal and contact details that could directly or indirectly identify a living person. The internet and cloud computing has captured a lot of personal data and if used in an improper manner, could pose a threat to the well-being of data subject through identity theft, financial loss, discrimination or physical harm. It is in light of these potential risks that organisations are required to have data protection laws which set out what should be done to make sure personal data is used properly and ethically.

The SADC Secretariat amongst other risk mitigation actions, developed a Policy on the Protection of Personal Data, which was approved by the Council of Ministers in March 2022. This Policy provides guidance on how the Secretariat, its staff members, consultants, and stakeholders obtain, process, restrict, dispose or store personal data.

The Secretariat also implemented a personal data compliance programme which involved the development of workplace policies, processes, and training of all SADC Secretariat staff members on compliance with the Policy as well as the creation of the SADC Secretariat's privacy team. Proper mechanisms for cross border data transfers which permit the transfer of personal data to third parties outside the SADC Secretariat are also in place. Through the office of the Data Protection Officer, the SADC Secretariat will ensure that employees and stakeholders are familiar with the Data Protection Policy and will continue to monitor compliance.

Having systems, controls, rules, and procedures which comply with internationally accepted standards such as the GDPR is very crucial in a digital ecosystem because organisations within the EU can easily cooperate with the SADC Secretariat with the assurance that any personal data which may be shared will be processed by the SADC Secretariat in accordance with the EU Data Protection laws.

Compliance of the SADC Secretariat with these standards will strengthen the SADC-EU relations and enhance continued engagement with development partners and funders. It is also reassuring that the majority of SADC Member States have adopted data protection laws and this with strengthen the position of the SADC region as an ethical destination for attracting Foreign Direct Investment because investors will be assured that their data is protected.

The Protection of Personal Data project is funded by the EU under the Integrated Institutional Capacity Building (IICB) Programme for the SADC Secretariat and National Stakeholders that aims to enhance service delivery by the Secretariat in support of programme/project planning, coordination, resource mobilisation, implementation, monitoring and knowledge-sharing of regional commitments at country level.

Tagged:

AllAfrica publishes around 500 reports a day from more than 100 news organizations and over 500 other institutions and individuals, representing a diversity of positions on every topic. We publish news and views ranging from vigorous opponents of governments to government publications and spokespersons. Publishers named above each report are responsible for their own content, which AllAfrica does not have the legal right to edit or correct.

Articles and commentaries that identify allAfrica.com as the publisher are produced or commissioned by AllAfrica. To address comments or complaints, please Contact us.