About

Background

The Government of Rwanda officially gazetted Law Nº 058/2021 of 13/10/2021 relating to the protection of personal data and privacy on 15th October 2021.

This Law designates the National Cyber Security Authority (NCSA) as the supervisory authority in the Republic of Rwanda.

On 31 March 2022, the National Cyber Security Authority officially launched its data protection office, which will spearhead all activities related to protecting personal data of individuals in Rwanda.

Mission

To ensure protection of personal data and guarantee the privacy of individuals as provided by the Law Nº 058/2021 of 13/10/2021 relating to the protection of personal data and privacy

Duties

  • To oversee the implementation of the Law Nº 058/2021 of 13/10/2021 relating to the protection of personal data and privacy
  • To respond to every legitimate request for an opinion regarding personal data processing
  • To inform the data subject, the data controller, the data processor and a third party of their rights and obligations
  • To put in place a register of data controllers and data processors
  • To investigate the subject matter of the complaint lodged by the data subject, the data controller, the data processor or a third party relating to the processing of personal data
  • To receive and consider the data subject’s appeal
  • To advise on matters relating to the protection of personal data and privacy
  • To cooperate with authorities, organizations or entities operating within the country or abroad in the protection of personal data and privacy