A total of 510 entities have registered as Data Controllers and Data Processors in Eswatini, marking a significant milestone in the country’s data protection journey.
The milestone was announced by the Eswatini Communications Commission (ESCCOM), in its capacity as the designated Eswatini Data Protection Authority (EDPA), during the national commemoration of Data Protection Day 2026 at Sibane Hotel in Ezulwini, which was attended by government leaders, regulators, private-sector representatives, and civil society.
According to the EDPA, registered entities include government ministries, parastatals, financial institutions, private companies, and other organizations that collect and process personal data, reflecting growing compliance with the Data Protection Act of 2022.
Speaking at the event, ESCCOM Chief Executive and Commissioner General of the EDPA, Mvilawemphi Dlamini, said the registrations go beyond regulatory compliance, describing them as a commitment to safeguarding privacy and human dignity.
“These are not merely registered institutions; they are compliant entities that have embraced their responsibilities and are now champions of data protection in the Kingdom of Eswatini,” Dlamini said.
Minister of Information, Communications and Technology Savannah Maziya said data protection has become central to economic growth, digital trade, and investment attraction. She warned that weak safeguards undermine trust and expose citizens and economies to harm.
“Data is no longer abstract. It is deeply personal. It is the information of a young entrepreneur selling products online, a farmer checking market prices, and a student seeking opportunities beyond our borders,” Maziya said. She stressed that data protection is not merely a technical or regulatory issue, but a critical enabler of trust in the digital economy.
“E-commerce and digital trade can only thrive where trust exists. When data is not protected, trust is broken, citizens are exposed, and economies are weakened,” she said. Maziya said strong data protection frameworks are increasingly critical as Eswatini opens its digital economy to global partnerships and investment.
“Economic opportunity must never come at the expense of the privacy and dignity of emaSwati. Our data must be processed lawfully, securely, and in accordance with our national laws and values,” she said.
She commended ESCCOM and the EDPA for the progress to date, confirming that the Data Protection Regulations are at an advanced stage and reaffirming the government’s commitment to their timely finalization. “Strong data protection is what turns digital access into digital trust,” Maziya said.
The EDPA reported that 213 of the registered entities have already renewed their certificates, which are valid for one year, signaling sustained engagement with the regulatory framework.
Beyond registration, the authority has conducted extensive nationwide awareness and capacity-building initiatives, engaging more than 188 organizations and reaching communities, schools, churches, and small enterprises. These efforts have focused on educating organizations about their legal obligations and empowering citizens to understand and assert their data rights.
The EDPA has also processed 51 authorizations, including approvals for cross-border data transfers; received 29 data breach notifications; and handled 14 public complaints, some of which have already been resolved. For preventable or negligent breaches, the authority has issued 11 enforcement notices as part of its compliance-driven regulatory approach.
Targeted training programs for Data Protection Officers (DPOs) have also been rolled out, including specialized sessions led by international experts to align Eswatini’s practices with global standards.
Despite progress, the authority highlighted ongoing challenges, including operating without dedicated funding, and appealed for increased budgetary support to sustain and expand its mandate.