Botswana's newly-appointed Information and Data Commissioner Kepaletswe Somolekae said there are “serious gaps” in the Data Protection Act, introduced in October 2021,and it is critical that these are addressed before the law is fully implemented in the next four months.

Established under the 2018 Data Protection Act, the new amended legislation was introduced to govern data management and the protection of personal information.

However, Somolekae has pointed out glaring gaps, including that the legislation does not cover the processing of personal data “in the course of a purely personal or household activity” and lacks detail regarding the processing of data for national security, defence or public safety including “for the prevention of- and investigation into/ or proof of offences.”

The Commissioner added that the Act makes no provision for processing of data for prosecution of offenders or the execution of sentences or security measures, or for economic or financial interest, including monetary, budgetary and taxation matters.

In an effort to address the gaps, Somolekae confirmed the Commission is currently engaging stakeholders to secure the necessary input and the legislation will be amended before the end of the year.

“We will have the Bill ready for November sitting,” said Somelekae. “We are only filling in the gaps, I don’t see the amendments upsetting what data controllers will have sought to put in place.”

Botswana’s data protection legislation applies directly to data controllers, data processors and other stakeholders involved in processing personal data.

The Act's transition period will end on 15 October 2022, after which all stakeholders must be compliant.