Rwanda

Summary

Law: The Law No. 058/2021 of 13 October 2021 Relating to the Protection of Personal Data and Privacy ('the Data Protection Law')

Regulator: The National Cyber Security Authority

Summary: The Data Protection Law was published, on 15 October 2021, in the Rwanda Official Gazette. The Data Protection Law introduces principles related to lawfulness, fairness and transparency, purpose limitation and accuracy, and obligations related to data subject rights, registration as a data controller or data processor, pseudonymisation, sensitive data, data transfers, designation of a data protection officer, Data Protection Impact Assessments, and data breach notifications. In addition, the Data Protection Law provides for administrative fines on data controllers, data processors and third parties who commit misconduct of not less than RWF 2 million (approx. €1,500) but not more than RWF 5 million (approx. €4,240) or 1% of the global turnover.

Browse more content in Rwanda

All Guidance Notes

All News

All Insights

News

11 August 2022

Rwanda: NCSA publishes guidance on right to object

17 May 2022

Rwanda: NCSA publishes guidance on right to portability, rectification, and erasure

04 May 2022

Rwanda: NCSA publishes guide on children's personal data

22 April 2022

Rwanda: NCSA publishes guide on key principles for processing personal data

14 April 2022

Rwanda: NCSA publishes guide on key data protection terms

08 April 2022

Rwanda: NCSA officially launches its data protection office

08 April 2022

Rwanda: NCSA publishes guide on controller and processor registration

24 March 2022

Rwanda: NCSA publishes FAQs on whether organisations are controllers or processors

02 March 2022

Rwanda: NCSA publishes DPO guidance

28 January 2022

Rwanda: NCSA publishes guidance on categorisation of data controllers and processors

14 January 2022

Rwanda: NCSA issues notice on data subject rights

31 December 2021

Rwanda: NCSA publishes FAQs on data protection law

Insights

December 2021

Rwanda: Overview of Vendor Privacy Contracts

October 2021

Rwanda: New personal data protection law - Key aspects

The anticipated data protection law in Rwanda, first of its kind, was adopted by the Chamber of Deputies in its sitting of 12 August 2021 and was published in the Official Gazette of the Republic of Rwanda on 15 October 2021 as Law No. 058/2021 of 13 October 2021 relating to the Protection of Personal Data and Privacy ('the Law')¹. The Law entered into effect upon its publication in the Official Gazette, in accordance with Article 70 of the Law. The Law, however, provides for a transitional period not exceeding two years from the date of its publication in the Official Gazette for controllers and processors, who are already in operation, to conform their operations to the provisions of the Law, as per Article 67 of the Law. The purpose of this article is to summarise the key provisions of the Law.

Rwanda

Summary

Browse more content in Rwanda

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us