In its role as the Eswatini Data Protection Authority (EDPA), the Eswatini Communications Commission (ESCCOM) has issued a strong call for organizations to move beyond symbolic compliance and meaningfully empower their Data Protection Officers (DPOs), warning that enforcement action will continue against institutions that fail to meet their statutory obligations.
This took place today at the Data Protection Champions Event at the ESCCOM Head Offices in Ezulwini as part of the commemoration of Data Protection Week. Ozzie Thakatha, representing the ESCCOM Chief Executive and Head of the Eswatini Data Protection Authority (EDPA), said the era of appointing DPOs solely to meet legal requirements must end.
“It is no longer sufficient for organizations to merely appoint DPOs to tick a statutory box,” Thakatha said. “The law and good governance demand empowered Data Protection Officers, individuals who are resourced, independent, knowledgeable, and positioned to influence decision-making within their institutions.”
The event brought together DPOs and key stakeholders from both the public and private sectors, with discussions focused on strengthening compliance with data protection laws, promoting responsible data management, and fostering a culture of privacy across organizations.
Thakatha emphasized that an empowered DPO should not be treated as an afterthought but as a strategic partner within an organization. According to the Authority, DPOs must be able to advise leadership with confidence, identify privacy risks early, and embed compliance in daily operations rather than address it reactively after breaches.
“A strong and sustainable privacy culture requires leadership support,” he said. “It requires organizations to recognize that data protection is not an obstacle to business but a foundation for trust, accountability, and good governance.”
The Commission reported that it continues to receive complaints of breaches of data protection obligations, some of which have led to the issuance of enforcement notices in line with the Authority’s statutory mandate. While enforcement remains a necessary regulatory tool, Thakatha emphasized that punishment is not the regulator’s primary objective.
“Regulation is not about punishment for its own sake,” he said. “Our ultimate objective is to foster a culture of compliance, accountability, and respect for data subjects’ rights that continues to expand across all sectors.”
He underscored that prevention remains the most effective approach, noting that well-trained and empowered DPOs are central to preventing data breaches and ensuring lawful processing of personal data.
The Data Protection Champions Event was designed as a capacity-building and engagement platform that encourages DPOs to share experiences, ask questions, and deepen their understanding of data protection laws and international best practices.
“I challenge each of you present here to make full use of this opportunity,” Thakatha said. “When DPOs are empowered, organizations comply more effectively, trust is strengthened, and the rights of the people of Eswatini are better protected.”
The Commission also acknowledged the role of private and public sector partners whose support contributed to the success of the event and other Data Protection Week activities. These partners include Computronics, First National Bank Eswatini, Nedbank, Eswatini Bank, the Institute of Development Management (IDM), Eswatini Water Services Corporation, FINCORP, NAMBOARD, and Romer Services.
According to ESCCOM, such partnerships are critical for reinforcing the message that data protection is a collective responsibility that extends beyond regulatory compliance.
In closing, Thakatha reaffirmed the Authority’s commitment to working collaboratively with Data Protection Officers, positioning them as key champions of accountability and ethical data governance in Eswatini’s evolving digital landscape. “Together, we can build a strong privacy culture that supports innovation while safeguarding fundamental rights,” he said.