Rwanda’s law on the protection of personal data and privacy (DPP Law)

DPP Law Table of contents

Art. 41

Duties of the personal data protection officer

The personal data protection officer has the following duties:

  1. to inform and advise the data controller, the data processor and the employees who carry out personal data processing, of their obligations pursuant to this Law;
  2. to monitor, in his or her area of work, compliance with this Law and with the policies of the data controller or data processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in personal data processing operations, and the related audits;
  3. to provide advice where requested as regards the data protection impact assessment and monitor its performance;
  4. to cooperate with the supervisory authority and to act as its contact point on issues relating to processing of personal data, including the prior consultation with the supervisory authority, and to consult, where appropriate, with regard to any other matter.

The personal data protection officer must in the performance of his or her tasks have due regard to the risk associated with personal data processing operations, considering the nature, scope, context and purpose of processing.