Malawi: Introduced Data Protection Bill 2023 including cybersecurity regulation

On 7 December 2023, the Data Protection Bill 2023 was introduced in the Malawi Parliament. The Bill requires data controllers and processors "to implement appropriate technical and organisational measures to ensure the security of personal data". The personal data must be pseudonymised, encrypted, and available and accessible in case of an incident. Data controllers are subject to a 72-hour notification period in case of a data breach. Further, periodic risk assessments of the data processing system and service, as well as regular testing, assessment and evaluation of the effectiveness of the data security measures must be carried out.