Zambia Rights Guide

Your Data Privacy Rights in Zambia — Data Protection Act 2021

Zambia's Data Protection Act 2021 gives you the right to access, correct, and have your data deleted. Violations can be reported to the Data Protection Commissioner — free.

FreeZambian Law3 related guides

Direct Answer

The Data Protection Act 2021 gives every person in Zambia the right to know how their personal data is collected and used, the right to correct inaccurate data, and the right to object to its processing. Organisations that misuse your data can be reported to the Data Protection Commissioner at ZICTA.

What the Law Says

Your Legal Foundation

Data Protection Act 2021

Section 27

“A data subject has the right to access personal data held about them by any data controller, and to request correction of inaccurate data.”

Data Protection Act 2021

Section 29

“A data subject may object to the processing of their personal data and may request that processing be stopped.”

Constitution of Zambia 1991 (as amended)

Article 17

“Every person has the right to privacy, which includes the right not to have their home or property searched or their communications infringed without consent or legal authority.”

What to Do

Step-by-Step Guide

1Identify the violation. Common issues: data shared without consent, data used beyond the stated purpose, spam marketing using your number, data breach, or refusal to correct your data.
2Request action from the organisation in writing — ask them to stop processing, correct, or delete your data. Give them 21 days to respond.
3If they ignore you or refuse, file a complaint with the Data Protection Commissioner, administered through ZICTA at zicta.zm. Free.
4Include your evidence — screenshots, emails, and a description of the harm caused.

What to Say

Exact Words to Use

“"Under Section 27 of the Data Protection Act 2021, I am requesting access to all personal data you hold about me and correction of any inaccurate information. Please respond within 21 days."”

Tone: Written — to any organisation holding your data

Common Questions

Frequently Asked Questions

When did Zambia's data protection law come into force?

The Data Protection Act 2021 was enacted in 2021 and is administered through ZICTA. It aligns Zambia with international data protection standards and creates rights for individuals against data controllers.

My employer shared my personal details with a third party without consent — what can I do?

File a complaint with the Data Protection Commissioner at ZICTA. Employers are data controllers under the Act and may only share employee data for lawful purposes and with appropriate consent or legal basis.

Does this law cover social media and tech companies operating in Zambia?

Yes. The Data Protection Act applies to any data controller processing personal data of persons in Zambia, whether the controller is based in Zambia or abroad.

I was a victim of a data breach — what must the organisation do?

Under the Data Protection Act, data controllers must notify affected persons of a breach that poses a risk to their rights. If you have not been notified of a breach you suspect occurred, report to ZICTA.

Get Help Now

Resources & Helplines

ZICTA (Data Protection Commissioner)
zicta.zm
File data privacy complaints here. Free.
Human Rights Commission of Zambia
0211-252 415
Privacy as a human rights matter.
Legal Aid Board Zambia
0211-251 508
Free legal assistance.

Continue Learning

Practice Your Rights Out Loud

The Advocate gives you exact rebuttals, law references, and Scripture for real Zambian scenarios. Free to try.

Open The Advocate — Free

No credit card needed · Know Your Rights. Know Your Word.