Eswatini has become the third country in the Southern African Development Community (SADC) to formally establish a Data Protection Authority, reinforcing its status as a regional leader in digital governance and privacy protection.
This was highlighted during the Data Protection Day 2026 commemoration held at Sibane Sami Hotel, where the Eswatini Data Protection Authority (EDPA) reflected on its establishment and progress since the enactment of the Data Protection Act in 2022.
Addressing delegates, EDPA Assistant Director Sicelo Simelane said Eswatini had followed Angola and South Africa in operationalizing a national data protection authority, calling the move a significant achievement for the Kingdom and the region. “Within a short period after enacting the Data Protection Act, Eswatini successfully established the Directorate and operationalized the EDPA in January 2023. This positioned the country as the third in SADC to do so,” Simelane said.
The Data Protection Act came into force on 4 March 2022, with the EDPA formally launched during the country’s first Data Protection Day commemoration in January 2023. In line with parliamentary wisdom, the authority was established within ESCCOM, designating the communications regulator as the national data protection authority.
Simelane noted that while many countries in the region are still grappling with legislative frameworks or institutional development, Eswatini has moved swiftly from law to implementation.
The EDPA operates through a specialized structure responsible for registration, compliance, investigations, breach management, enforcement, and public education. Its mandate includes protecting personal data, empowering data subjects, and fostering trust in the digital economy.
Internationally, Eswatini has strengthened its standing through strategic collaboration. The EDPA is a member of the African Network of Data Protection Authorities and recently joined the Global Privacy Assembly, the world’s leading forum for privacy and data protection regulators.
The authority has also signed a Memorandum of Understanding with the Data Protection Authority of South Africa, the Information Regulator, to enhance cooperation on capacity building and cross-border data flows.
Simelane said these partnerships ensure that Eswatini’s regulatory framework aligns with international best practices while responding to local realities.
Looking ahead, the EDPA is developing a five-year strategic plan, establishing a whistleblower framework, and collaborating with the African Union and Smart Africa on a National Data Policy. Sector-specific guidelines for health and education institutions are also being developed because of the sensitive nature of the data they handle.