Business entities that collect and process personal data will be required to pay annual registration fees

* The proposed fees would enable Malawi Communications Regulatory Authority (MACRA) to effectively monitor and enforce compliance

* While ensuring that personal information belonging to Malawians is adequately protected

By Maggie Msongole, Malawi News Agency (MANA)

Business entities that collect and process personal data will be required to pay annual registration fees with Malawi Communications Regulatory Authority (MACRA).

Advertisement

At a consultation meeting with stakeholders on the proposed registration fees in Mzuzu City on Friday, MACRA Head of Data Protection, Daniel Chiwoni said this is part of efforts to strengthen compliance with the country’s data protection laws.

The proposed fees would enable the authority to effectively monitor and enforce compliance while ensuring that personal information belonging to Malawians is adequately protected

Under the proposed framework, entities that collect and process personal data of more than 10,000 individuals will be required to pay annual registration fees ranging from K50,000 to K7 million — depending on the size of the organisation.

Dan Chiwoni

Chiwoni said the consultations were important to gather stakeholders views on the proposed fee structure takes into account concerns and recommendations from organisations that will be affected by the requirements before its implementation.

“We want stakeholders to provide constructive feedback on the proposed registration fees so that the final structure is fair, practical and acceptable to those who will be required to comply.

“Although organisations are already submitting applications for registration, the process cannot be completed until the fee structure is finalised,” he said, adding that MACRA is targeting September 1, 2026, for the official rollout of the registration process.

One of the participants representing employers in the hospitality and tourism sector, Malidadi Mkandawire, welcomed the consultations, saying they had helped businesses understand their responsibilities when handling employees personal information.

Malidadi Mkandawire

Mkandawire said protection of personal data was important because information can be misused without the knowledge or consent of individuals, including for financial gain.

He, however, urged MACRA to provide clear justification for the proposed fees and explain how the funds would be used to help stakeholders appreciate the value of the charges.

MACRA is conducting the consultations as part of the implementation of Malawi’s data protection framework, which seeks to promote responsible collection, processing and protection of personal data across public and private institutions.

Advertisement

Data protection in Malawi is legally governed by the Data Protection Act of 2024, which went into operation on June 3, 2024.

The law comprehensively protects the right to privacy enshrined under Section 21 of the Constitution of Malawi — replacing the previous, limited data protection rules established under the Electronic Transactions and Cyber Security Act of 2016.

The Data Protection Act establishes strict guidelines for data treatment, that include:

* Sensitive Data Categories — High-level statutory protection covers biometric data, health records, financial data, political opinions, race, ethnic origin, and religious convictions;

* Data Subject Autonomy — Citizens have legal rights to view, rectify, object to processing, or completely delete inaccurate or prohibited personal data stored by public or private entities;

* Filing Inquiries and Breaches — Individuals lodge a written complaint with MACRA within 90 days of a perceived infringement, through which the authority must investigate and issue a decision within 30 days of closing the review.—Editing by Duncan Mlanjira, Maravi Express

Advertisement