Rwanda’s Law relating to the protection of personal data and privacy (DPP Law) promotes secure, lawful, and transparent data practices, both locally and internationally. One of its purposes is to enable responsible digital transformation, supporting trust, trade and sustainable growth in public and private sectors.
Cloud storage is permitted under the DPP Law, including for personal data hosted outside the country if proper safeguards are in place. Organizations can store data locally, on-premises, in the cloud, or with external providers. However, storing personal data outside Rwanda requires authorization from the National Cyber Security Authority (NCSA) among other compliance requirements in the Law.
Data Security and safeguards are essential. Regardless of storage type or location, organizations must implement appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or misuse.
Compliance is mandatory. Non-compliance with these legal requirements can result in reputational damage, financial penalties, or operational restrictions. Let’s build a culture of privacy and accountability while ensuring individual rights to privacy are protected in the digital ecosystem.