Zambia DPA
Data Protection Act 2021 (No. 3 of 2021)
Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.
Jurisdiction: Zambia (ZM)
Enacted: Mar 29, 2021
Effective: Mar 1, 2025
Enforcement: Data Protection Commission (enforcement began March 2025)
What It Requires
Who Must Comply
This law applies to:
- Data controllers and processors in Zambia
- Entities processing data of Zambian residents
- Processing involving vulnerable populations
Safety Provisions
- Special protections for vulnerable persons including children
- Data Protection Impact Assessment required for high-risk processing
- Breach notification required
- Data Protection Officer for certain entities
- Cross-border transfer restrictions
Compliance Timeline
- Mar 1, 2025: Full enforcement began
Enforcement
Enforced by: Data Protection Commission
Penalties: Criminal liability. Fines and imprisonment for violations.
Quick Facts
- Binding: Yes
- Mental Health Focus: Yes
- Child Safety Focus: Yes
- Algorithmic Scope: Yes
Why It Matters
Zambia's explicit focus on vulnerable persons makes it highly relevant for mental health chatbots and AI companions serving at-risk users.
Recent Developments
Enforcement began in March 2025 after a 4-year implementation period.
Cite This
APA
Zambia. (2021). Data Protection Act 2021 (No. 3 of 2021). Retrieved from https://nope.net/regs/zm-dpa-2021
BibTeX
@misc{zm_dpa_2021,
title = {Data Protection Act 2021 (No. 3 of 2021)},
author = {Zambia},
year = {2021},
url = {https://nope.net/regs/zm-dpa-2021}
}
Related Regulations
Botswana DPA
Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.
Seychelles DPA
Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.
Algeria Law 18-07
Algeria's data protection law with mandatory DPO requirement added by 2025 amendment and 5-day breach notification.
Rwanda AI Policy
First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.
UNICEF AI for Children
Most specific international guidance on children and AI. Ten requirements for child-centered AI including development/wellbeing support, data/privacy protection, and safety.
Nepal AI Policy
Nepal national AI policy establishing governance framework and development priorities. Creates AI Governance Council (chaired by Minister for Communications and IT), AI Regulation Council, National AI Centre, and AI Regulatory Authority. Six pillars including ethics, human resource development, and sectoral application.