Rwanda’s Data Protection & Privacy Office observes its first Data Privacy Week
Data Privacy Day was launched 15 years ago by the Council of Europe to remember the signature of the first legally binding international instrument in the data protection field known as “Convention 108”.
Each year on the 28th January, countries across the globe use Data Privacy Day to celebrate this milestone, and raise awareness of data protection and privacy best practices.
What began as a one-day awareness-raising effort, was expanded into a week-long initiative in the form of Data Privacy Week due to a globally recognized need for more awareness on personal data protection and privacy.
For the first time since its launch in 2022, Rwanda’s Data Protection & Privacy Office joined the globe to celebrate Data Privacy Week from January 23rd – 28th 2023, conducting a number of awareness raising activities on compliance with Rwanda’s personal data protection and privacy law.
The campaign engaged non-governmental organizations, businesses and sector regulators in three separate information sessions on compliance and the challenges within the compliance process.
This enabled the Data Protection & Privacy Office to reiterate the institutional steps towards compliance, which include appointing a Data Protection & Privacy Officer, conducting a Data Inventory and registering with the Data Protection & Privacy Office as a Data Controller or Data Processor amongst other responsibilities.
The Data Protection & Privacy Office also emphasized that the law provides consent of the user as a key foundation for lawful collection and processing of personal data.
The office continued that gaining clear consent of the user, alongside other implications of the law on personal data protection and privacy, necessitate the implementation of technical and organizational measures that will ensure the protection of personal data and privacy of Data Subjects.
Additionally, during these information sessions Data Controllers and Data Processors were given a platform to discuss their respective compliance journeys with the Data Protection & Privacy Office.
Participants showed a particular interest in personal data hosting outside Rwanda requests. The Data Protection & Privacy Office clarified that personal data hosting outside Rwanda is not prohibited but the law provides for requirements to request for authorization to do so. The Data Protection & Privacy Office made clear that guidance on this topic would be available soon online on the Data Protection & Privacy Office website.
On social media, the Data Protection & Privacy Office shared helpful compliance tips on the hashtag #DataPrivacyWeekRw, where other users also contributed their views to the conversation.
In the upcoming months, the Data Protection & Privacy Office will carry out a national public awareness campaign on the benefits of the law on personal data protection and privacy and related personal data processing obligations for Data Controllers and Data Processors.
All individuals or institutions that process personal data of individuals in Rwanda must be registered with the Data Protection & Privacy Office by 15 October 2023.
To learn more about compliance and registration, visit the Data Protection & Privacy Office website at www.dpo.gov.rw.