By Boitumelo Motshobedi the Data Protection Officer, Stanbic Bank BotswanaStanbic Bank Botswana continues to ensure we are not only compliant with the Data Protection Act

by playing an active role in championing adherence and better understanding of responsible data
use. This is how we ensure we are doing the right thing when it
By Boitumelo Motshobedi the Data Protection Officer, Stanbic Bank Botswana
To demonstrate compliance with the Data Protection Act, an important element is compliance with
the requirements for processing personal data included in the Act. These guide how data processors
should process people’s personal information.
1. Personal data (PD) shall only be processed fairly and lawfully and in a transparent manner in
compliance with the provisions of the Act. We are expected to make reference to an existing law
in our processing of personal data.
2. PD shall be adequate, relevant and not excessive in relation to the purposes for which it is
processed. This requires that data processors only obtain necessary PD for their processing
3. PD shall be accurate and, where necessary, kept up to date. This requires the data processor to
take steps to ensure that data subjects can provide updated information.
4. PD is collected for specific, explicitly stated and legitimate purposes. This requires that the data
controller informs the data subject of the purpose/s of the processing.
5. PD shall not be further processed in any manner incompatible with those purposes. For example,
in the case of Stanbic Bank, PD can be moved from People & Culture to Tech & Ops to ensure an
employee has access to a laptop and other company systems as long as all these purposes are
included in the notification to employees relating to the purpose for processing their PD.
6. Appropriate technical and organisational measures shall be taken to avoid unauthorised or
unlawful processing of personal data and against accidental loss, unauthorised access or
destruction, or damage, modification and disclosure of PD.
7. Where PD is incomplete or incorrect, all reasonable measures are taken to complete, correct,
block or delete the personal data, having regard to the purposes for which it is processed.
8. PD processed for any purpose or purposes shall not be kept for longer than is necessary for
those purposes.
9. PD shall be processed in accordance with good practice. This requires the data processors to
keep themselves up to date with leading practices in this area.
Stanbic Bank Botswana continues to ensure we are not only compliant with the Data Protection Act
by playing an active role in championing adherence and better understanding of responsible data
use. This is how we ensure we are doing the right thing when it comes to data.