Summary

Data governance relies heavily on security. However, due to a lack of precise definitions in legislation, there is frequent confusion between data protection and cybersecurity. These two topics are misunderstood and confused due to a lack of understanding of how to approach them effectively. As a result, because the approach is derived from the comprehension, it typically varies significantly from country to country.

Over time, legal policies and frameworks have lagged behind technological advances, especially in cybersecurity and data protection. Long-term, this could create legislative gaps regarding data governance and emerging technologies. This study examined the cybersecurity and data protection laws in Mauritius, Kenya, and Zimbabwe in an effort to comprehend their perspectives on cybersecurity and cybercrime, as well as the reasons for their disparities. It identified current issues at the intersection of cybersecurity and data protection in the studied countries and evaluated their cybersecurity and data protection approaches.