The Malawi Communications Regulatory Authority (MACRA) is consulting stakeholders on draft data protection regulations that propose annual registration fees for certain data controllers and processors based on their annual turnover.
The consultation, held at the Mount Soche Hotel in Blantyre on Monday, forms part of MACRA's mandate as Malawi's Data Protection Authority (DPA) and seeks input from the public and private sectors before the regulations are finalised.
Under the draft regulations, organisations classified as data controllers and data processors of significant importance would pay annual registration fees based on their turnover.
The proposed fees range from approximately $29 for small businesses to more than $4 000 for large organisations, although the amounts should be read alongside the official fee schedule in the draft regulations.
Speaking during the consultation, Harold Msusa, principal secretary in Malawi's Ministry of Information and Communication Technology, said government remained committed to establishing a data protection regime that supports digital innovation while protecting public trust.
"The government remains committed to supporting a data protection regime that is transparent, inclusive and responsive to the needs of both citizens and businesses," said Msusa.
He said the proposed turnover-based fee structure would require larger organisations to contribute proportionately while avoiding unnecessary financial burdens on smaller enterprises.
Dan Chiwoni, head of data protection at DPA, said the authority had developed an implementation framework to operationalise the proposed regulatory requirements while maintaining a balance between data privacy, innovation and economic growth.
"The Authority has developed a framework to guide the implementation of the new requirements, while ensuring a balance between data privacy, innovation and growth," said Chiwoni.
He said the consultation process would help ensure the regulations reflect the views of businesses, institutions and other stakeholders that collect or process personal data.
The proposed regulations come as Malawi continues to expand digital services, including online financial services, digital identity systems, e-government platforms and artificial intelligence applications.
As organisations process increasing volumes of personal information, the proposed framework aims to strengthen accountability, improve cyber security and increase public confidence in digital services.
Stakeholders from the private sector and public institutions attended the consultation to provide feedback before the regulations are finalised.
The consultation marks another step in MACRA's implementation of Malawi's Data Protection Act and its efforts to establish a regulatory framework that supports digital innovation while protecting the privacy rights of Malawians.
Share



