Mamshungulii
Senior Member
- May 3, 2023
- 175
- 88
As the number of organizations that process personally identifiable information increases, so does the need for such organizations to ensure the safety and privacy of data.
It is essential for organizations to implement a data protection framework that provides guidance on the protection of personal information.
The framework will help an organization to ensure that all data stored in their servers are protected and reasonably used.
It will also give the organization guidance and structure on any changes needed and the specific use of such changes
The Personal Data Protection Act No. 11 of 2022 sets conditions for the protection of personal information with the aim of setting a minimum level of requirements for the collection and processing of personal information, establishing a Commission for the Protection of Personal Information, strengthening the protection of personal information processed by Government agencies and institutions personal, and other related issues. The law is used for all union matters except for non-union matters in Tanzania.
The Act key elements are confidentiality, integrity and privacy, it sets out what should be done to make sure everyone’s data is safe, used properly, and fairly. Key pieces of information that are commonly stored by businesses, be that employee records, transaction data, customer details, or data collection, need to be protected. The protection allows for the data from being misused by third parties for fraud, such as phishing scams, identity theft, and other forms of misuse.
The Personal Data Protection Commission of Tanzania is an independent authority established under the Personal Data Protection Act No. 11 of 2022. It has the power to own movable and immovable properties, enter into contracts, sue or be sued, and perform any other duty that any legal entity may perform for the purpose of better performance of its duties under the Act such as:
monitor the implementation of this Law for collectors and processors; register collectors and processors; receive, investigate, and process complaints about alleged violations of the protection of personal information and people’s privacy; conducting research and monitoring the development of technology related to information processing;
Notwithstanding any other law, the Commission may examine personal information recorded in any form held by the collector or processor, and in doing so, the Commission shall not be prevented from obtaining any information according to Section 42(3) of The Personal Data Protection Act No. 11 of 2022.
Any document or document produced by the collector or processor or any other person shall be returned by the Commission within ten working days after the application is submitted to the Commission by the collector or processor or such person, but nothing will prevent the Commission from requiring that document or text to be submitted again in accordance with the Act.
According to Section 60 of the Act, a collector who, without good reason, discloses personal information in any way that is inconsistent with the purpose for which the information was collected commits an offense.
A processor who, without reasonable cause, discloses personal information processed by the processor without the prior consent of the collector commits an offense.
A person who obtains personal information, or obtains any information consisting of personal information, without the consent of the collector or processor that stores the information or will disclose personal information to another person, he commits a mistake.
A person who sells personal information obtained in violation of this act commits an offense. An advertisement showing that personal information is being sold or can be sold will be considered an offer to sell personal information which is also an offense.
Where an offense under the Act has been committed by a company or organization, the company or organization and every officer of the organization who knowingly and intentionally authorizes or permits the violation shall be responsible for the offense.
The collector or processor is to comply with the legal principles in the collection and processing of personal information and to take the necessary steps to ensure the protection and security of the personal information they have except in the following circumstances;
If the processing carried out by the subject of the information in his personal activities;
is made in accordance with the provisions of any law or court order;
it is done for the purpose of protection and security of the Nation and public interest;
is conducted for the purpose of preventing or detecting crime;
is carried out with the aim of identifying or preventing tax evasion;
takes place in the audit of the embezzlement of public funds; or
is for the purpose of searching for an appointment in the position of public service.
A key consideration for most businesses will be the lawful basis on which they are relying in order to process particular categories of data like when processing based on data subject’s consent, the business legitimate interest and the performance of a contract.
It only applies to personal data about individuals, they don’t govern data about companies or any other legal entities. However, information in relation to one-person companies may constitute personal data where it allows the identification of a natural person.
It applies to all personal data relating to natural persons in the course of professional activity, such as the employees of a company/organization, business email addresses like ‘forename.surname@company.co.tz’, or employees’ business telephone numbers. It is key to have a data controller within your organization and make sure that all the processes and requirements of the Act are met.
A Data collector is a person, body corporate or a public institution that either alone or in conjunction with another institution determines the purpose and methodology of personal data processing and where such methods have been prescribed by law and a Data processor is a person, body corporate or public institution which processes personal data for and on behalf of the data collector under the guidance of the data collector, except persons under the direct control of the data collector, and includes their agents.
View: https://www.instagram.com/p/C7T4rhFtJ8-/?igsh=MXB3cXU4NGFic3luMg==
It is essential for organizations to implement a data protection framework that provides guidance on the protection of personal information.
The framework will help an organization to ensure that all data stored in their servers are protected and reasonably used.
It will also give the organization guidance and structure on any changes needed and the specific use of such changes
The Personal Data Protection Act No. 11 of 2022 sets conditions for the protection of personal information with the aim of setting a minimum level of requirements for the collection and processing of personal information, establishing a Commission for the Protection of Personal Information, strengthening the protection of personal information processed by Government agencies and institutions personal, and other related issues. The law is used for all union matters except for non-union matters in Tanzania.
The Act key elements are confidentiality, integrity and privacy, it sets out what should be done to make sure everyone’s data is safe, used properly, and fairly. Key pieces of information that are commonly stored by businesses, be that employee records, transaction data, customer details, or data collection, need to be protected. The protection allows for the data from being misused by third parties for fraud, such as phishing scams, identity theft, and other forms of misuse.
The Personal Data Protection Commission of Tanzania is an independent authority established under the Personal Data Protection Act No. 11 of 2022. It has the power to own movable and immovable properties, enter into contracts, sue or be sued, and perform any other duty that any legal entity may perform for the purpose of better performance of its duties under the Act such as:
monitor the implementation of this Law for collectors and processors; register collectors and processors; receive, investigate, and process complaints about alleged violations of the protection of personal information and people’s privacy; conducting research and monitoring the development of technology related to information processing;
Notwithstanding any other law, the Commission may examine personal information recorded in any form held by the collector or processor, and in doing so, the Commission shall not be prevented from obtaining any information according to Section 42(3) of The Personal Data Protection Act No. 11 of 2022.
Any document or document produced by the collector or processor or any other person shall be returned by the Commission within ten working days after the application is submitted to the Commission by the collector or processor or such person, but nothing will prevent the Commission from requiring that document or text to be submitted again in accordance with the Act.
According to Section 60 of the Act, a collector who, without good reason, discloses personal information in any way that is inconsistent with the purpose for which the information was collected commits an offense.
A processor who, without reasonable cause, discloses personal information processed by the processor without the prior consent of the collector commits an offense.
A person who obtains personal information, or obtains any information consisting of personal information, without the consent of the collector or processor that stores the information or will disclose personal information to another person, he commits a mistake.
A person who sells personal information obtained in violation of this act commits an offense. An advertisement showing that personal information is being sold or can be sold will be considered an offer to sell personal information which is also an offense.
Where an offense under the Act has been committed by a company or organization, the company or organization and every officer of the organization who knowingly and intentionally authorizes or permits the violation shall be responsible for the offense.
The collector or processor is to comply with the legal principles in the collection and processing of personal information and to take the necessary steps to ensure the protection and security of the personal information they have except in the following circumstances;
If the processing carried out by the subject of the information in his personal activities;
is made in accordance with the provisions of any law or court order;
it is done for the purpose of protection and security of the Nation and public interest;
is conducted for the purpose of preventing or detecting crime;
is carried out with the aim of identifying or preventing tax evasion;
takes place in the audit of the embezzlement of public funds; or
is for the purpose of searching for an appointment in the position of public service.
A key consideration for most businesses will be the lawful basis on which they are relying in order to process particular categories of data like when processing based on data subject’s consent, the business legitimate interest and the performance of a contract.
It only applies to personal data about individuals, they don’t govern data about companies or any other legal entities. However, information in relation to one-person companies may constitute personal data where it allows the identification of a natural person.
It applies to all personal data relating to natural persons in the course of professional activity, such as the employees of a company/organization, business email addresses like ‘forename.surname@company.co.tz’, or employees’ business telephone numbers. It is key to have a data controller within your organization and make sure that all the processes and requirements of the Act are met.
A Data collector is a person, body corporate or a public institution that either alone or in conjunction with another institution determines the purpose and methodology of personal data processing and where such methods have been prescribed by law and a Data processor is a person, body corporate or public institution which processes personal data for and on behalf of the data collector under the guidance of the data collector, except persons under the direct control of the data collector, and includes their agents.
View: https://www.instagram.com/p/C7T4rhFtJ8-/?igsh=MXB3cXU4NGFic3luMg==
