Malawi is set to strengthen compliance with its data protection laws through proposed regulations that will require organisations handling personal data to register.
Improving compliance with the Data Protection Act, 2024, is at the centre of the proposed regulations being developed by the Malawi Communications Regulatory Authority (MACRA).
The proposals were presented during a stakeholder consultation workshop on the Draft Data Protection Regulations, Guidelines and Proposed Registration Fees.
MACRA Head of Data Protection Daniel Chiwoni said the consultations are intended to ensure stakeholders contribute to the development of the registration framework before it is finalised.
“Our objective is to solicit input and views from our stakeholders on the proposed registration fees for data controllers and data processors. Everyone has got a say before we come up with the final position,” said Chiwoni.
The Authority says mandatory registration will improve compliance with the Data Protection Act by strengthening oversight of organisations that handle personal data and enhancing the protection of Malawians’ personal information through effective monitoring and enforcement.

Under the proposed framework, organisations that collect or process personal data will be required to register with the Data Protection Authority.
Registration fees will be based on annual turnover, ranging from K50,000 for small and medium-sized enterprises to K7 million for the largest data controllers and processors of significant importance.
United General Insurance Assistant Manager Colleta Kaira welcomed the consultation process but said she still had concerns over the proposed fee structure.
“I have some questions because there are some jumps in the fee structure that I’m not comfortable with. I hope to get a better understanding when those questions are addressed,” said Kaira.
