Saki, Otto2026-06-122026-06-122025https://hdl.handle.net/10566/24409The thesis was written in the context of rapid internet expansion and technological developments such as Artificial Intelligence (AI), which have led to an increased demand for the use of personal data for various public and private purposes. Economic blocs like the European Union (EU), African Union (AU), Southern African Development Community (SADC), and intergovernmental organisations such as the United Nations (UN) have established data privacy and cross-border data transfer frameworks because of increasing demand for personal data. These frameworks seek to harmonise international, regional, and national data privacy standards and to protect personal data globally. However, they often reflect the differing interests of the public and private actors regarding personal data. From a global trade perspective, personal data is considered to be a trade facilitator, and in some cases personal data itself is the transaction. Conversely, governments regard personal data as a national asset to be used and safeguarded in terms of national security. Equally, personal data focuses on the data subject, who perceives it as a human right needing protection from unlawful and unauthorised use by public and private entities. Data subjects expect control and access to their data. To ensure continual protection, legal frameworks must align across international, continental, regional, and national levels, because personal data crosses borders. In 2021, Zimbabwe passed the Cyber and Data Protection Act (CDPA), its main data privacy law. This thesis assesses the adequacy of Zimbabwe's legal framework on data privacy and cross-border data transfers, including common and statutory laws, the Constitution, the CDPA and other sectoral laws. The thesis compares them to the EU's General Data Protection Regulation (GDPR) and South Africa's Protection of Personal Information Act (POPIA). Using an analytical and comparative approach, the thesis concludes that Zimbabwe’s legal framework lacks a balance or accommodation of other pertinent interests, and focuses more on national security interests. The thesis recommends a multidisciplinary approach to establishing a data-driven economy that safeguards personal data.enCross-border data transfer/data transferData privacyData protection authorityData securityData subjectThesis