Privacy Law at Uganda
Uganda's Data Protection and Privacy Act, 2019 (Act No. 9 of 2019) establishes a comprehensive legal framework for the collection, processing, and protection of personal data. The Act aims to safeguard individuals' privacy rights while regulating data handling practices within Uganda and by entities outside the country that process data related to Ugandan citizens.
Key Provisions of the Data Protection and Privacy Act, 2019
1. *Scope and Application
The Act applies t: ndividuals, institutions, or public bodies collecting, processing, holding, or using personal data within Ugand. Entities outside Uganda that collect, process, hold, or use personal data relating to Ugandan citizen.
2. Consent and Data Collection
Prior Consent Personal data must be collected or processed with the prior consent of the data subject, except where collection is authorized or required by law, necessary for public duty, national security, or other specified purpose.
Children's Data Collection of personal data relating to children requires prior consent from a parent or guardian, unless it's necessary to comply with the law or for research/statistical purpose.
Special Categories of Data The Act prohibits the collection or processing of sensitive personal data, such as religious beliefs, political opinions, sexual life, financial information, and health status, unless specific conditions are me.
3. *Rights of Data Subjects
Individuals have the right t:Access their personal dat.Request correction or deletion of inaccurate or outdated dat. to the processing of their dat Be informed about the purpose and recipients of their dat. Withdraw consent at any tim.
4. *Data Protection Office
The Personal Data Protection Office, under the National Information Technology Authority – Uganda (NITA-U), is responsible fo: Overseeing the implementation and enforcement of the Ac. Promoting privacy rights and data protection awarenes. Monitoring compliance and investigating complaint. Maintaining a data protection registe.
5. Data Retention and Security
Retention Personal data should not be retained longer than necessary to achieve the purpose for which it was collected, unless required by law or with the data subject's consen.
Security Data controllers and processors must implement appropriate security measures to protect personal data from unauthorized access, disclosure, alteration, or destructio.
6. *Cross-Border Data Transfers
When personal data is processed or stored outside Uganda, the data controller or processor must ensure that the destination country provides adequate protection for personal data or obtain the data subject's consen.
7. Enforcement and Penalties
Complaints Data subjects can file complaints with the Personal Data Protection Office regarding violations of their right.
Compensation Data subjects are entitled to seek compensation for damage or distress caused by non-compliance with the Ac.
Appeals Decisions of the Personal Data Protection Office can be appealed to the Minister within 30 days.
📝 Summary
Uganda's Data Protection and Privacy Act, 2019, provides a robust legal framework to protect individuals' personal data and privacy righs. It establishes clear guidelines for data collection, processing, and retention, while also setting up mechanisms for enforcement and redres Entities operating in Uganda or dealing with Ugandan citizens' data must comply with these provisions to ensure data privacy and avoid potential penalties.
RELATED Blog
0 comments