Abstract:
The rapid digitization and digitalization of services, along with extensive use of personal data across public and
private sectors, have raised concerns about personal data protection and privacy. In response, like other countries,
Tanzania enacted the Personal Data Protection Act (PDPA), Cap. 44 of 2022, and its associated regulations.
While these instruments establish a legal framework for data protection, their effectiveness depends on organizations’
readiness to implement and comply with them. This study assesses organizational readiness and
compliance with the PDPA, identifies key implementation challenges, and proposes measures to strengthen
personal data protection practices in Tanzania. A pragmatic mixed-methods design guided by institutional theory
was employed, with data collected from 232 organizations using a structured electronic questionnaire. Quantitative
items assessed five readiness dimensions (awareness, internal policies, staff training, technical infrastructure,
and management support), while open-ended questions examined implementation challenges and
solutions. Quantitative data were analyzed using Partial Least Squares Structural Equation Modelling (PLS-SEM),
which revealed that all five readiness dimensions were positively and significantly associated with compliance,
with technical resources (β = 0.412) being the strongest predictor. Qualitative responses were thematically
analyzed using NVivo v14, with results corroborating the quantitative findings and revealing deeper barriers,
including limited awareness and capacity, and regulatory challenges. Integrated findings indicate that while
larger organizations demonstrate basic preparedness, SMEs and NGOs face systemic capacity limitations. Overall,
the study highlights the need for strengthened institutional capacity and a compliance-oriented culture, and
provides evidence-based recommendations to support effective implementation of the legislation.