Privacy Law at Rwanda
Rwanda has established a comprehensive data protection and privacy framework through Law No. 058/2021, officially gazetted on October 15, 2021. This legislation aligns Rwanda with international data protection standards, supporting the growth of the digital economy and enhancing citizens' control over their personal data.
🇷🇼 Key Provisions of Rwanda’s Data Protection Law
1. Consent and Data Processing
Explicit Consent Individuals must provide clear and unambiguous consent for the collection, storage, and processing of their personal dat.
Scope The law applies to both automated and non-automated processing of personal data by entities established in Rwanda or those processing data of individuals located in Rwand.
2. Rights of Data Subjects
Access and Rectification Individuals have the right to access and request correction of their personal dat.
Erasure Data subjects can request the deletion of their personal data under certain condition.
Portability the law grants the right to data portability, allowing individuals to transfer their data to other service provider.
Automated Decisions Individuals can object to decisions based solely on automated processing, including profiling, that significantly affect the.
3. Data Controllers and Processors
Registration Entities acting as data controllers or processors must register with the supervisory authorit.
Data Protection Officer (DPO) Organizations are required to appoint a DPO if their core activities involve large-scle processing of sensitive data or regular monitoring of data subject.
4. Data Security and Breach Notification
Logging Mandatory logging of data processing activities, including collection, access, disclosure, and erasur.
Breach Notification Obligation to notify the supervisory authority and affected individuals in case of a data breac.
5. Cross-Border Data Transfers
Adequacy Transfers of prsonal data to other countries are permitted if the receiving country ensures an adequate level of data protectio.
Safeguards In the absence of adequacy, data controllers must implement appropriate safeguards, such as binding corporate rules or standard contractual clause.
6. Enforcement and Penalties
Administrative Fines Fines up to 1% of the global annual turnover for non-complianc.
Criminal Penalties Imprisonment ranging from 1 to 10 years and fines up to 5% of the annual turnover for severe violations, such as unlawful data sale or processing of sensitive data without consen.
🧭 Summary
Rwanda's Data Protection Law provides a robust framework to safeguard personal data, ensuring individuals' rights are protected while fostering a secure environment for digital innovation and cross-border data flw Compliance with this law is crucial for organizations operating in or with Rwanda to avoid significant penalties and maintain trust with data subjecs.
RELATED Blog
0 comments