Trends Analysis (2021-2025)
Telecommunications
We dive into the five-year performance trajectories (2021–2025) of the evaluated companies and entities in the telecommunications sector. By analysing historical trends and core metrics, this section reveals key patterns, competitive advantages, and priority improvement areas providing actionable insights into compliance drivers and hurdles to empower better decision-making and forward-thinking planning.
Trends in performance of assessed companies over time in the Telecommunication Sector
Performance Trends for Assessed Telecommunications Companies over the Years (2024-2025) in Rwanda
The performance data for Rwandan telecommunications operators highlights varying levels of maturity and progress in privacy and data protection practices. While MTN Rwanda demonstrates clear improvement, Airtel Rwanda and Liquid Home Rwanda show limited gains, suggesting differences in governance, investment, and operational prioritisation.
MTN Rwanda's performance has improved from 57% in 2024 to 63% in 2025. This upward trend indicates a deliberate and structured approach to enhancing privacy and data protection practices, likely involving strengthened policies, governance frameworks, and technical safeguards. MTN Rwanda demonstrates growing privacy maturity, embedding compliance and risk management into operational processes. Continued focus on monitoring, accountability, and privacy by design will help sustain and further improve its performance, reducing regulatory and operational risk.
Airtel Rwanda's performance has remained largely static, increasing slightly from 32% in 2024 to 33% in 2025. This minimal change suggests limited progress in institutionalising privacy practices or enhancing technical safeguards. Airtel Rwanda appears to be at an early stage of privacy maturity. Without strategic investment.
Liquid Home Rwanda exhibits a slight decline in performance, from 36% in 2024 to 34% in 2025. This decrease indicates challenges in maintaining or updating existing privacy practices. The decline may reflect operational gaps, insufficient oversight, or limited integration of privacy considerations into business processes. Liquid Home Rwanda's performance signals emerging risk in privacy governance. To improve, the organisation needs to prioritise consistent implementation of privacy policies, strengthen technical and organisational safeguards, and ensure privacy by design is embedded into service delivery and operational processes.
In sum, MTN Rwanda leads in privacy and data protection maturity, showing measurable improvement. In contrast, Airtel Rwanda remains largely stagnant, and Liquid Home Rwanda exhibits slight regression. Collectively, these trends suggest that while MTN Rwanda is progressing toward stronger compliance and operational security, Airtel and Liquid Home Rwanda need focused interventions to stabilise and advance their privacy practices.
Performance Trends for Assessed Telecommunications Companies over the Years (2024-2025) in Tanzania
The data from 2024 to 2025 shows distinct differences in privacy and data protection maturity among major Tanzanian telecom operators. The trends highlight progress, stagnation, and areas of potential risk exposure.
Vodacom demonstrates strong and consistent improvement, increasing from 62% in 2024 to 74% in 2025. This upward trajectory reflects deliberate investments in governance, technical safeguards, and regulatory compliance. The performance indicates a mature privacy posture with effective implementation of privacy principles across lawfulness, data security, accountability, and privacy by design. Vodacom leads the market in privacy maturity. Sustaining this performance will require ongoing monitoring, proactive adaptation to regulatory changes, and continued embedding of privacy practices into all operations.
Tigo Tanzania improved moderately from 35% in 2024 to 43% in 2025. The growth reflects incremental enhancement of privacy and data protection practices, likely through strengthened policies, security measures, and governance oversight. However, the overall score indicates that Tigo still operates at a moderate level of maturity, with further work required to consistently meet regulatory expectations. Tigo should continue to strengthen accountability structures, implement robust technical safeguards, and ensure privacy by design is integrated into service delivery to maintain progress and reduce operational risk.
TTCL shows a slight decline from 30% in 2024 to 29% in 2025. This trend indicates challenges in sustaining prior controls or in adapting privacy frameworks to evolving operational and regulatory demands. The low and declining performance signals limited embedding of privacy principles and weak governance structures. TTCL faces significant privacy and compliance risk. Urgent investment in governance, technical safeguards, and systematic monitoring is required to prevent further deterioration and to improve institutional privacy maturity.
Airtel Tanzania demonstrates steady improvement, rising from 42% in 2024 to 50% in 2025. The upward trend reflects deliberate efforts to strengthen privacy governance, enhance technical and organisational safeguards, and improve alignment with regulatory requirements. Airtel Tanzania is building a moderate level of privacy maturity. Continued focus on embedding privacy by design, enhancing oversight, and ensuring consistent application across operations will be critical to sustaining improvements.
Vodacom Tanzania leads the market with strong privacy maturity and consistent progress. Airtel Tanzania shows steady improvement, while Tigo Tanzania is moderately advancing. TTCL remains stagnant with a slight decline, indicating emerging privacy and compliance risks.
Performance Trends for Assessed Telecommunications Companies over the Years (2023-2025) in Mauritius
Emtel demonstrates a consistent and sustained improvement in privacy performance, increasing from approximately 38% in 2023 to 44% in 2024 and reaching 56% in 2025. This upward trajectory reflects a structured and deliberate approach to strengthening privacy and data protection practices, rather than isolated or reactive interventions. The progression indicates that privacy controls are increasingly embedded within organisational processes and decision-making frameworks. The 2024 assessment correctly identified Emtel as improving but not yet fully aligned with higher international privacy standards. The 2025 results confirm that these gaps are being actively addressed, positioning Emtel as the most mature organisation among its peers in terms of privacy governance.
From a lawfulness, fairness, and transparency perspective, Emtel's steady improvement suggests increasing maturity in lawful processing mechanisms, clearer and more consistent privacy notices, and more robust management of consent and customer communications across the organisation. With regard to data security and integrity, the sustained upward trend points to the ongoing strengthening of technical and organisational safeguards, supported by improved risk management practices and incident preparedness. The absence of significant performance volatility indicates that security controls are not only implemented but also effectively maintained and periodically reviewed. Emtel's performance also reflects strong accountability and governance, evidenced by consistent year-on-year improvement, defined roles and responsibilities, and clear management ownership of privacy risks. Furthermore, the results indicate growing alignment with privacy by design and default, with privacy considerations increasingly integrated into system development, service design, and operational processes.
MyT's privacy performance exhibits volatility over the assessment period, followed by a marked improvement in 2025. After a marginal decline from approximately 29.3% in 2023 to 28.0% in 2024, the organisation recorded a significant increase to 49% in 2025. The decline observed in 2024 highlighted challenges in maintaining momentum in privacy compliance and keeping pace with evolving regulatory and operational demands. The sharp rebound in 2025 indicates that corrective actions were implemented in response to identified weaknesses. While this improvement is notable, the abrupt nature of the increase suggests a remediation-driven approach rather than a sustained, incremental maturity model. As such, MyT's privacy posture has improved substantially, but its long-term sustainability remains dependent on continued governance, monitoring, and institutionalisation of controls.
From a lawfulness, fairness, and transparency perspective, the 2024 decline points to earlier difficulties in maintaining compliant processing practices and adapting to regulatory change. The improvement in 2025 suggests corrective measures, including updates to privacy notices, processing records, and consent management mechanisms; however, the scale and speed of progress indicate that consistent application across all operations may still be maturing. In relation to data security and integrity, the 2025 performance increase reflects accelerated strengthening of technical and organisational safeguards, potentially through enhanced controls, policies, and monitoring capabilities. While these measures reduce immediate risk exposure, their reactive implementation underscores the need for sustained investment and ongoing effectiveness testing. With respect to accountability and governance, MyT appears to be transitioning toward stronger ownership of privacy risks. Nevertheless, year-on-year performance volatility indicates that governance structures, assurance processes, and management oversight are not yet fully embedded. Alignment with privacy by design and default is improving, but privacy considerations may still be applied retrospectively rather than being consistently integrated into the design of new systems, products, and initiatives.
Liquid Telecom demonstrates a moderate level of privacy capability followed by a decline in performance in 2025, decreasing from approximately 40% in 2024 to 36% in 2025. While earlier results indicated a reasonable baseline, the downward trend suggests growing challenges in sustaining and evolving existing privacy and data protection controls in line with increasing operational complexity and regulatory expectations. This pattern indicates the potential emergence of privacy debt, whereby controls exist but are not sufficiently updated, resourced, or consistently enforced. Without targeted intervention, this decline is likely to translate into elevated compliance and operational risk.
From a lawfulness, fairness, and transparency perspective, the decline may reflect difficulties in maintaining alignment between processing activities, contractual arrangements, and applicable regulatory requirements as the organisation's operations evolve. This increases the risk of inconsistencies in how personal data is processed and communicated to data subjects. In terms of data security and integrity, the reduction in performance points to potential gaps in the maintenance, testing, and periodic review of technical and organisational safeguards. While security controls may be in place, the trend suggests that they may not be keeping pace with changes in systems, data volumes, or the evolving threat landscape. With respect to accountability and governance, the downward trajectory indicates possible weaknesses in oversight, clarity of roles and responsibilities, and prioritisation of privacy risk management. Alignment with privacy by design and default also appears to be weakening, particularly where privacy considerations are not systematically incorporated into system upgrades, process changes, or service expansions.
Atcomm's privacy performance remains consistently low, with no measurable improvement between 2024 and 2025, both recorded at approximately 5%. This sustained stagnation indicates minimal progress in developing or implementing privacy and data protection measures and reflects a very low level of privacy maturity. Compared to industry peers, Atcomm remains at an early stage of privacy capability, exposing the organisation to significant regulatory, operational, and reputational risks.
From a lawfulness, fairness, and transparency perspective, the lack of improvement suggests insufficient formalisation of lawful processing bases, limited or unclear privacy notices, and weak mechanisms for communicating with data subjects. In relation to data security and integrity, the persistently low performance strongly indicates inadequate technical and organisational safeguards, significantly increasing the likelihood of data breaches, data loss, or unauthorised access. Atcomm also demonstrates limited alignment with accountability and governance principles, with little evidence of defined roles and responsibilities, management oversight, or structured privacy risk management. Furthermore, there is minimal indication of privacy by design and default, with privacy considerations unlikely to be embedded into system development, operational processes, or service delivery.
In sum, performance over the years demonstrates that sustained improvement and principle-based governance are key determinants of privacy maturity. Emtel shows strong and consistent alignment with core privacy principles, MyT has made notable but reactive gains, Liquid Telecom exhibits early signs of control erosion, and Atcomm remains significantly exposed. These trajectories provide a clear basis for prioritising risk mitigation efforts and regulatory engagement heading into 2026.
Performance Trends for Assessed Telecommunications Companies over the Years (2023-2025) in Zimbabwe
The performance trends observed across the four operators between 2023 and 2025 reveal divergent trajectories in maturity, consistency, and sustainability of organisational practices. While some operators demonstrate progress and responsiveness, others exhibit volatility or persistent weaknesses that raise concerns regarding the robustness of their underlying frameworks.
Econet's performance shows a mixed trajectory over the assessment period. After a significant improvement from 24.6% in 2023 to 50.0% in 2024, the score declined sharply to 25.0% in 2025. Last year's analysis correctly identified Econet's 2024 improvement as a strong signal of enhanced practices, likely driven by focused investments in compliance, security controls, and policy refinement. However, the subsequent decline in 2025 suggests that these improvements may not have been fully institutionalised. The drop indicates potential challenges in sustaining momentum, such as inconsistent implementation across business units, resource reallocation, or reduced governance oversight. While Econet demonstrated the capacity to improve rapidly, the volatility points to a need for stronger operationalisation, continuous monitoring, and embedded governance to ensure that gains are durable rather than episodic. Econet's practices appear capable but insufficiently stabilised. Without reinforcing accountability and ongoing assurance mechanisms, performance gains may continue to fluctuate, exposing the organisation to compliance and operational risk.
Telone's performance reflects a steady downward trend followed by only partial recovery. After declining from 28.7% in 2023 to 19.0% in 2024, Telone recorded a modest improvement to 27.0% in 2025. Last year's analysis highlighted the 2024 decline as a significant concern, signalling potential underinvestment in frameworks, weak compliance execution, or emerging risk exposures. The 2025 improvement suggests that corrective actions may have been initiated in response to these concerns. However, the recovery merely returns Telone to approximately its 2023 level, rather than demonstrating clear progression. This pattern indicates reactive remediation rather than sustained enhancement of practices. Telone appears to be addressing immediate gaps but has yet to demonstrate consistent advancement. Continued focus is required on strengthening governance, resourcing, and long-term capability development to avoid recurring cycles of decline and recovery.
NetOne exhibits the most dramatic change across the period. From a very low score of 4.0% in 2024, the company recorded a substantial increase to 43.0% in 2025. While 2023 data is unavailable, the magnitude of the 2025 improvement strongly suggests a significant intervention, such as the introduction of new controls, frameworks, or leadership-driven initiatives. Although this rebound is noteworthy, the scale and speed of improvement raise questions about maturity and consistency. Such rapid gains often reflect foundational remediation rather than fully embedded practices, and their effectiveness will depend on sustained implementation and oversight. NetOne has made meaningful progress in addressing critical weaknesses, but its practices remain at a transitional stage. The primary risk lies in ensuring that recent improvements are embedded, tested, and maintained over time.
Liquid Home Zimbabwe shows gradual but modest improvement across the period, increasing from 27.0% in 2024 to 29.0% in 2025. While 2023 data is not available, the limited year-on-year growth suggests incremental change rather than transformation. This steady but low-level performance indicates the presence of baseline practices, but also points to constrained momentum, possibly due to limited scope, resources, or prioritisation. Compared to peers showing either strong recovery or significant fluctuation, Liquid Home Zimbabwe appears relatively stable but underdeveloped. Without more decisive investment and strategic focus, Liquid Home Zimbabwe risks stagnation. Incremental improvement alone may be insufficient to meet rising regulatory and operational expectations.
Last year's analysis accurately identified Econet as an improver and Telone as an organisation facing setbacks. The 2025 data adds nuance to this assessment: Econet's gains have proven difficult to sustain, while Telone has stabilised but not yet progressed. The emergence of NetOne as a rapidly improving performer introduces a new dynamic, while Liquid Home Zimbabwe remains largely unchanged at a low-to-moderate level. Overall, the data highlights that sustained performance is more indicative of mature practices than short-term gains. Organisations demonstrating volatility face heightened risk that improvements are not embedded, while those showing limited movement risk falling behind evolving expectations. To improve outcomes, all operators must prioritise consistent governance, continuous monitoring, and long-term institutionalisation of practices rather than relying on periodic corrective efforts.
Performance Trends for Assessed Telecommunications Companies over the Years (2022-2025) in Kenya
The performance trends across Safaricom, Zuku, Airtel Kenya, and Jamii Telecommunications Limited (JTL) highlight varying levels of maturity, consistency, and responsiveness in privacy and data protection practices. While some operators demonstrate steady improvement, others show volatility or delayed progress, which has implications for operational resilience and regulatory compliance.
Safaricom's performance has fluctuated over the past four years. After peaking at 65% in 2022, the score declined to 53% in 2024 before stabilizing at 51% in 2025. Last year's analysis acknowledged the company's strong historical performance and ongoing efforts to enhance its data protection frameworks. The slight decline from 2022 indicates potential operational or regulatory challenges, but the overall improvement since 2023 reflects continued commitment to safeguarding user data. The observed trend suggests that while Safaricom has a mature privacy posture, sustaining high performance requires ongoing governance, monitoring, and adaptation to regulatory changes, particularly given the large volumes of personal and financial data it handles. Safaricom demonstrates a strong privacy framework but must maintain continuous oversight to prevent minor dips from becoming systemic issues.
Zuku's performance shows a remarkable rebound in 2025, rising to 60% from 31% in 2024 and 31.9% in 2023. Previously, last year's analysis noted the company's stagnation and low privacy maturity. The 2025 improvement indicates that Zuku has likely implemented corrective measures, such as enhanced policies, technical controls, or governance mechanisms. Despite this rapid progress, the dramatic nature of the improvement suggests remediation-driven change rather than fully embedded practices. The sustainability of these gains will depend on consistent application of controls, regular monitoring, and integration of privacy by design principles. Zuku has taken significant steps to strengthen its privacy posture, but attention is needed to institutionalize these changes and ensure long-term compliance and operational resilience.
Airtel Kenya has shown a consistent upward trajectory, improving from 36.7% in 2022 to 51% in 2024 and further to 76% in 2025. Last year's analysis highlighted the positive trend and commitment to aligning practices with best-in-class standards. The continued growth indicates that Airtel Kenya is systematically addressing gaps in its privacy and data protection framework, including technical safeguards, policy updates, and compliance mechanisms. The steady progression suggests that privacy considerations are increasingly embedded into operational processes, risk management practices, and governance structures. Airtel Kenya demonstrates strong and improving privacy maturity. Sustaining this trajectory will require ongoing investment in security controls, employee awareness, and regulatory alignment to maintain trust and competitive advantage.
JTL shows gradual improvement, rising from 47% in 2024 to 50% in 2025. While 2023 and earlier data are not fully available, the modest growth indicates that foundational practices are in place, but momentum remains limited. The incremental progress suggests that improvements are likely operational or compliance-driven rather than reflective of a comprehensive strategic privacy framework. JTL's privacy posture is developing but remains relatively nascent. Greater emphasis on formal governance structures, technical safeguards, and integration of privacy by design will be necessary to achieve parity with leading operators.
Last year's assessment accurately identified Safaricom as strong but facing minor challenges, Zuku as stagnant, and Airtel Kenya as improving steadily. The 2025 data adds nuance: Zuku demonstrates a marked rebound, Airtel Kenya continues its strong upward trend, Safaricom shows minor decline but retains high maturity, and JTL exhibits modest incremental improvement. Overall, the data underscores that sustained privacy performance reflects embedded governance and operationalisation, while rapid gains may signal remediation efforts that require consolidation. Safaricom and Airtel Kenya demonstrate mature and improving practices, Zuku shows significant catch-up progress, and JTL remains in an early development stage. All operators should continue prioritizing compliance, security, and governance to ensure sustainability, regulatory alignment, and customer trust.
Performance Trends for Assessed Telecommunications Companies over the Years (2021-2025) in Uganda
The performance trends among the major telecommunications providers in Uganda reveal significant differences in maturity, consistency, and responsiveness in privacy and data protection practices. Some operators demonstrate steady progress, while others show volatility, reflecting differing approaches to governance, operationalisation, and compliance.
MTN Uganda has shown strong and consistent improvement over the assessment period, increasing from 20% in 2021 to 31.66% in 2022, 46.83% in 2023, 69% in 2024, and reaching 70% in 2025. Last year's analysis highlighted MTN Uganda's rapid rise as a clear indication of significant investment in data protection policies, compliance, and technical safeguards. The continued improvement in 2025 reinforces the view that MTN Uganda has embedded privacy considerations into operational processes, governance structures, and risk management practices. The organisation demonstrates high privacy maturity, capable of handling sensitive user information in alignment with regulatory expectations. MTN Uganda's practices are robust and maturing, but sustaining high performance will require continuous monitoring, adaptation to regulatory developments, and ongoing reinforcement of governance mechanisms.
Lycamobile exhibits a volatile trajectory. After improving from 25% in 2022 to 39.76% in 2023, its score declined sharply to 33% in 2024, before rebounding to 57% in 2025. Last year's analysis identified the 2024 drop as a signal of challenges in maintaining privacy and security practices, potentially due to inconsistent implementation, limited investment, or gaps in compliance. The 2025 rebound indicates that corrective actions were implemented, likely targeting governance, technical safeguards, and compliance frameworks. However, the abrupt nature of the increase suggests that improvements are remediation-driven and may not yet be fully institutionalised across all operations. Lycamobile is capable of making significant improvements but must focus on embedding controls and monitoring mechanisms to ensure sustained privacy maturity and compliance.
Airtel Uganda demonstrates steady progress, improving from 40% in 2021 to 44% in 2024, and reaching 50% in 2025. The upward trend indicates systematic enhancement of privacy policies, security measures, and governance structures. While the company's performance lags behind MTN Uganda, it reflects deliberate and incremental investment in privacy practices. Airtel Uganda is developing a moderate level of privacy maturity. Continued focus on embedding privacy by design, strengthening technical safeguards, and reinforcing governance is needed to maintain momentum and achieve parity with leading operators.
Roke Telkom shows variable performance, scoring 55% in 2024 but declining to 47% in 2025. This decline suggests challenges in sustaining improvements, potentially due to operational changes, governance lapses, or emerging risks in data protection. The downward movement underscores the need for strengthened oversight, consistent implementation of technical safeguards, and periodic review of privacy frameworks. Roke Telkom demonstrates the potential for high privacy performance but must stabilise its practices to avoid fluctuations that could expose the organisation to regulatory, operational, and reputational risks.
Last year's assessment highlighted MTN Uganda as the most progressive, Lycamobile as declining, and Airtel Uganda as steadily improving. The 2025 data largely confirms these observations while showing that Lycamobile has achieved a substantial recovery and that Roke Telkom's performance has weakened slightly. The data highlights that sustained privacy performance requires consistent governance, institutionalised practices, and proactive monitoring. MTN Uganda stands out as the most mature operator, Airtel Uganda shows steady progress, Lycamobile demonstrates remediation-driven improvement, and Roke Telkom faces volatility. All operators must prioritise embedding privacy by design, strengthening technical safeguards, and ensuring continuous compliance to maintain trust and meet regulatory expectations.
All the companies assessed should prioritise institutionalising privacy governance, embedding privacy by design, strengthening technical safeguards, and maintaining ongoing monitoring to ensure compliance, protect customer data, and enhance stakeholder trust in 2026.