01
Compliance Assessment
Data Protection Compliance Assessments
A clear, practical review of how your organisation handles personal information, where it is exposed, and what readiness requires.
Learn more →Data Protection · Regulatory Affairs · Governance · Training
Data protection compliance, led from experience.
Stein Columna advises organisations across Southern Africa on their obligations under Zambia's Data Protection Act — bringing together two decades of legal practice, multi-jurisdictional Data Protection Officer experience, and a proven record of training the people who carry compliance inside real institutions.
The urgency
Zambia's compliance deadline has passed, while the qualified expertise to respond remains scarce. Stein Columna exists to close that gap.
The Moment
Zambia's data protection obligations are no longer coming. They are here.
The Data Protection Act No. 3 of 2021 placed mandatory obligations on every organisation that collects, stores, processes, or shares personal information — across every sector, public and private. The Commissioner's compliance deadline has passed.
Yet few organisations can demonstrate that they understand their obligations, and fewer still hold the systems and evidence to prove it. The shortage is not one of intention. It is one of qualified, practising expertise.
Stein Columna translates regulatory obligation into practical, defensible compliance, and builds the governance culture that sustains it.
What We Do
Guidance across the full compliance journey.
From a first assessment of your exposure to the long-term governance that keeps you compliant, we support organisations at every stage.
02
Governance Advisory
Privacy Governance Advisory
Governance structures that make responsibility for personal data visible, owned, and sustained at board level.
Learn more →03
Policy Development
Policy and Documentation Development
Policies, notices, controls, and records that turn legal obligation into daily practice — and into evidence.
Learn more →04
Stein Columna Training Institute
Data Protection Training
Training that equips boards, leaders, DPOs, and staff to make compliance work in practice.
Learn more →05
Audit Readiness
Audit Readiness and Compliance Support
Prepare for scrutiny by making records, controls, responsibilities, and responses easy to demonstrate.
Learn more →06
Ongoing Advisory
Retainer Advisory
Senior guidance on call as your operations, technology, and regulatory exposure evolve.
Learn more →
Our Conviction
We treat personal data as what it is — a matter of human dignity.
Personal information belongs to people, and carries their dignity, autonomy, and safety with it. Shaped by our founder's years as a human rights advocate, that conviction is why we build compliance that protects people, not merely paperwork that protects appearances.
Leadership
Led by Grace Zulu
A Zambian advocate of over twenty years' standing, a certified Data Protection Officer in multiple Southern African jurisdictions, and the first African to receive the international Libby Slater Award. Grace served as practising Data Protection Officer for the MultiChoice Group across Zambia, Zimbabwe, and Eswatini.
“I have spent my career watching these regulations arrive across the region. The organisations that act now are the ones that will set the standard — not scramble to meet it.”Read Grace's full profile
One Group, Two Mandates
Advisory and training, held to one standard.
Stein Columna Consulting Limited
Specialist advice for organisations navigating data protection, regulatory affairs, and governance.
Stein Columna Training Institute Limited
Professional development for the people who carry compliance, including C-DPO programmes being developed with a leading regional university.
Begin with a clear view of where you stand.
A compliance assessment shows exactly what is required, where the gaps are, and what must happen next.