Intego ni ugukomeza kugenzura no guha ubwisanzure ba nyiri ubwite ku makuru yabo bwite, bityo bigafasha kubahiriza uburenganzira n’ubwisanzure bwabo bw’ibanze. Ibi by’umwihariko birebana n’uburenganzira ku mibereho bwite yabo, bujyanye n’amahame mpuzamahanga yo kurinda amakuru bwite, kandi ni ingenzi mu bukungu bwa none bushingiye ku ikoranabuhanga, bufasha serivisi nk’ubucuruzi bukorerwa kuri interineti, ihererekanya mpuzamahanga ry’amafaranga, ndetse n’izindi serivisi zitandukanye zikorerwa kuri interineti.

Intego nyamukuru z'iri Tegeko ni: 

• Guha abaturage ubushobozi bwo kugenzura no kwihitiramo uburyo amakuru yabo yihariye akoreshwa.

• Gushyiraho uburyo bwizewe kandi butekanye bwo guhererekanya amakuru, haba mu gihugu imbere cyangwa ku rwego mpuzamahanga.

• Gutanga icyizere gishingiye ku mategeko ku bigo bisanzwe bikora n’abashoramari bashya, no gushyiraho uburyo bukwiye bugamije gufasha ibigo bito n’ibiciriritse.

• Kongera umuvuduko ku cyerekezo cy’U Rwanda cyo kugera ku bukungu bushingiye ku ikoranabuhanga no ku makuru.

• Abantu ku giti cyabo n’ibigo bikorera mu Rwanda, bitunganya amakuru bwite y’abantu mu Rwanda (si ku benegihugu gusa).

• Abantu ku giti cyabo n’ibigo bikorera bikorera hanze y’U Rwanda, bitunganya amakuru bwite y’abantu mu Rwanda. 

Nyiri ubwite ni umuntu wamenyekanye cyangwa ushobora kumenyekana, cyane cyane hashingiwe ku kintu kimuranga nk’izina, nimero y’indangamuntu, amakuru y’aho aherereye, ikimuranga mu buryo koranabuhanga cyangwa hashingiwe ku kintu kimwe cyangwa byinshi byihariye biranga imiterere y'umubiri we, imitekerereze ye, inkomoko ye, ubuzima bwe bwo mu mutwe, ubukungu, umuco cyangwa imibereho ye.

Amakuru bwite ni amakuru ayo ari yo yose yerekeye umuntu ku giti cye uzwi cyangwa ushobora kumenyekana, mu buryo buziguye cyangwa butaziguye, by'umwihariko hashingiwe ku kimuranga nk'izina, nimero imuranga, aho aherereye, ikimuranga mu buryo koranabuhanga cyangwa hashingiwe ku kintu kimwe cyangwa byinshi byihariye biranga imiterere y'umubiri we, imitekerereze ye, inkomoko ye, ubuzima bwe bwo mu mutwe, ubukungu, umuco cyangwa imibereho y'uwo muntu ku giti cye.

Imibereho bwite y’umuntu ni uburenganzira bw’ibanze bw’umuntu bwo kwemeza undi muntu ushobora kubona amakuru bwite ye, igihe n’ahantu yayabonera, impamvu yayabona, uburyo akoresha ayabona n’uburyo bwakoreshwa kugira ngo agerweho

Amakuru bwite y’ibanga ni amakuru agaragaza isanomuzi y’umuntu, uko ubuzima bwe buhagaze, ko yafunzwe cyangwa atafunzwe, dosiye ye yo kwa muganga, inkomoko ye mu muryango, imyemerere ye ishingiye ku idini cyangwa ku mitekerereze, ibitekerezo bye bya politiki, amakuru ndangasano cyangwa ay’imiterere ye, ay’ubuzima bw’imibonano mpuzabitsina cyangwa umwirondoro w’umuryango.

Genetic data means personal data relating to the general characteristics of an individual which are inherited or acquired and which provide unique information about the physiology or health of the individual and which result, in particular, from an analysis of a biological sample from the individual in question.

Biometric data means any personal data relating to the physical, physiological or behavioral characteristics of an individual which allow his unique identification, including fingerprint mapping, facial recognition, and retina.

Ibyiciro by'amakuru bwite y'ibanga birimo:

• Isanomuzi y’umuntu

• Imyemerere ye ishingiye ku idini cyangwa ku mitekerereze

• Inkomoko ye mu muryango

• Uko ubuzima bwe buhagaze

• Ay’ubuzima bw’imibonano mpuzabitsina cyangwa umwirondoro w’umuryango

• Amakuru ndangasano cyangwa ay’imiterere ye

• Ko yafunzwe cyangwa atafunzwe

• Dosiye ye yo kwa muganga

Ni igikorwa kimwe cyangwa ibikorwa byinshi, bikozwe ku makuru bwite hakoreshejwe uburyo bw’ikoranabuhanga bwikoresha cyangwa butikoresha, harimo kugera, kubona, gukusanya, kwandika, kunoza, kubika, guhuza cyangwa guhindura, kugarura, gusubiza, guhisha, kwifashisha, gukoresha, kumenyesha amakuru yerekeye umuntu ku giti cye ahererekanijwe, kuyahanahana, kuyahererekanya cyangwa kuyatanga, kuyagurisha, kubuza imikoreshereze yayo, gusiba cyangwa gusenya.

Umuntu ku giti cye, ikigo cya Leta cyangwa icy’abikorera cyangwa urwego bifite ubuzimagatozi, habaho cyangwa hatabaho ubufatanye, bitunganya amakuru bwite kandi bikagena uburyo bwo kuyatunganya.

umuntu ku giti cye, ikigo cya Leta cyangwa icy’abikorera cyangwa urwego bifite ubuzimagatozi byemerewe gutunganya amakuru bwite mu izina ry’umugenzuzi w’amakuru.

Ni ngombwa kwibuka ko ikigo cyangwa umuntu ataba ari umugenzuzi w’amakuru cyangwa utunganya amakuru mu buryo bw’umwihariko. Ahubwo, ugomba kureba amakuru bwite ari gutunganywa n’ibikorwa byo kuyatunganya biri gukorwa, hanyuma ukareba ugena impamvu n’uburyo bw’iryo tunganywa ry’amakuru.

Ugomba kwibaza uti: Ese ni jye ugena:

• impamvu yo gukusanya amakuru bwite.

• uburyo bwemewe n’amategeko bwo gutunganya amakuru

• ubwoko bw'amakuru bwite akusanywa

• icyo amakuru bwite akoreshwa 

• abampa amakuru

• niba habaho itangazwa ry'amakuru bwite, mu gihe bibaye, kuri bande

• icyo kubwira abantu ku byerekeye itunganywa ry'amakuru

• uko ababaza iby'uburengazira bw'abantu basubizwa

• igihe amakuru amara abitswe cyangwa niba agomba guhindurwa mu buryo budasanzwe

Ibi ni ibyemezo bifatwa n’umugenzuzi w’amakuru gusa nka bumwe mu bubasha bwe bwo kugenzura ibikorwa by’itunganywa ry’amakuru. Niba ari wowe ugena impamvu n’uburyo amakuru atunganywa, uba uri umugenzuzi w’amakuru.

Niba wisanga ukurikiza amabwiriza y’undi muntu ku bijyanye no gutunganya amakuru bwite, ugahabwa amakuru bwite n’umukiriya cyangwa undi muntu, cyangwa ukabwirwa amakuru agomba gukusanywa, atari wowe ugena ikusanywa ry’amakuru y’abantu cyangwa amakuru agomba gukusanywa, icyo gihe uba uri utunganya amakuru.

Yego. Mu gihe utunganya amakuru ahawe ububasha bwo gutunganya amakuru bwite ku mpamvu zitandukanye n’izo umugenzi w’amakuru yari yatanze, utunganya amakuru ahita aba umugenzizi w’amakuru ku gice cy’iyo mirimo yo gutunganya amakuru.

Byongeye kandi, mu gihe ikigo ari cyo gishyiraho uburyo bwo gutunganya amakuru ndetse kikaba ari na cyo gitunganya ayo makuru ubwacyo, icyo kigo kiba ari umugenzuzi w’amakuru ndetse n’utunganya amakuru icyarimwe.

Umuntu ku giti cye, ikigo cya Leta cyangwa ikigo cy’abikorera, cyangwa indi sosiyete yemewe n’amategeko, ashobora kuba umugenzi w’amakuru ndetse n’utunganya amakuru icyarimwe igihe ari we ukora ibikorwa byerekeye inzingano za bombi.

The supervisory authority is a public authority that is charged with enforcement of this law relating to the protection of personal data and privacy. This law designates the National Cyber Security Authority (NCSA) as the supervisory authority.

Ingingo ya 28 y’ Itegeko ryerekeye kurinda amakuru bwite n’imibereho bwite by’umuntu ivuga ku bubasha urwego rubifitiye ububasha rufite mu gushyira mu bikorwa inshingano zarwo zikubiye muri iri tegeko. Ubu bubasha burimo gutanga ibyemezo by’iyandikwa no gutanga ibihano byo mu rwego rw’ubutegetsi, n’ibindi.

Yego. Ingingo ya 29 y’ Itegeko ryerekeye kurinda amakuru bwite n’imibereho bwite by’umuntu ivuga ku kwiyandikisha kw’abagenzuzi b’amakuru n’abatunganya amakuru. Umuntu wese ushaka kuba umugenzuzi w’amakuru cyangwa utunganya amakuru agomba kwiyandikisha mu rwego rugenzura.

Urwego rugenzura rutanga icyemezo cy’iyandikwa ku wasabye kwiyandikisha nk’umugenzuzi w’amakuru cyangwa utunganya amakuru wujuje ibisabwa, mu gihe kitarenze iminsi mirongo itatu (30) y’akazi uhereye ku munsi dosiye y’iyandikwa yakiriwe.

Umugenzuzi w’amakuru cyangwa utunganya amakuru ufite icyemezo cy’iyandikwa ashobora gusaba ko icyemezo cye cyongererwa igihe, mu gihe cy’iminsi mirongo ine n’itanu (45) y’akazi mbere y’uko icyemezo asanganywe kirangira.

Ukwemera kwa nyiri ubwite ni kugaragaza mu bwisanzure ibyifuzo bye nta gahato, bishingiye ku bisobanuro yahawe bitarimo urujijo, yumvikanisha akoresheje imvugo, uburyo bw’inyandiko cyangwa bw’ikoranabuhanga cyangwa igikorwa kigaragara kandi gisobanutse ko yemeye itunganywa ry’amakuru bwite ye.

• Kwemera kwa nyiri ubwite bigomba kuba biciye mu mucyo, bishingiye ku makuru yuzuye kandi bishidikanywho, binyuze mu kugaragaza intego z’icyiciro cyose cy’itunganywa ry’amakuru.

• Kwisubiraho ku kwemera bigomba kuba byoroshye igihe icyo ari cyo cyose, kandi ntibigire ingaruka ku buryo amategeko y’itunganywa ry’amakuru yubahirizwa.

• Kwemera bigomba gukorwa mu mvugo, uburyo bw’inyandiko cyangwa bw’ikoranabuhanga

• Kwemera kugomba gukorwa muri rumwe mu ndimi zemewe n’amategeko kandi rwumva na nyiri ubwite.

• Mu gihe cy’ikusanywa ry’amakuru, nyiri ubwite akwiye  kumenyeshwa ko afite uburenganzira bwo kwisubiraho igihe icyo ari cyo cyose.

Yego. Itegeko mu ngingo yaryo ya 9, rivuga ko iyo umugenzuzi w’amakuru, utunganya amakuru cyangwa undi muntu azi ko ari ay’umwana utarageza ku myaka cumi n’itandatu (16) y’amavuko, agomba kubyemererwa n’ufite ububasha bwa kibyeyi kuri uwo mwana hakurikijwe amategeko abigenga.

Imwe mu ngingo ziri mu Itegeko ryerekeye kurinda amakuru bwite n’imibereho bwite by’umuntu  igaragaza ko hakenewe gushyirwaho umukozi ushinzwe kurinda amakuru (DPO) mu gihe cyose hakorwa ibikorwa byo gutunganya amakuru bwite (Ingingo ya 40).

Ikigo cyawe cyaba gikora nk’umugenzuzi w’amakuru, utunganya amakuru , cyangwa ukora byombi icyarimwe, iri tegeko ritegeka ko hagomba gushyirwaho umukozi ushinzwe kurinda amakuru. Kudashyiraho umukozi ushinzwe kurinda amakuru bwite bifatwa nk’ikosa ryo mu rwego rw’ubuyobozi (Ingingo ya 53).

Hakurikijwe Ingingo ya 40, inshingano z’ingenzi umukozi ushinzwe kurinda amakuru afite, ni:

• Kumenyesha no kugira inama umugenzuzi w’amakuru, utunganya amakuru, ndetse n’abakozi bose batunganya amakuru bwite ku nshingano zabo ziteganywa n’iri Tegeko.

• Kugenzura, aho akorera, iyubahirizwa ry’iri Tegeko n’amabwiriza y’umugenzuzi w’amakuru cyangwa utunganya amakuru ku bijyanye no kurinda amakuru bwite, harimo kugena inshingano, gukora ubukangurambaga, kongera ubumenyi, guhugura abakozi batunganya amakuru bwite, ndetse no gukora igenzura.

• Gutanga inama iyo zisabwe ku bijyanye n’isesengura ry’ingaruka zo kurinda amakuru (DPIA) no kugenzura ishyirwa mu bikorwa ryazo.

• Gukorana n’urwego rugenzura no kuba uwo bakorana mu gihe habayeho ibibazo bijyanye no gutunganya amakuru bwite, harimo kugisha inama urwego rugenzura ndetse no kugisha inama, aho bikenewe, ku bindi bibazo byose.

Umutwe wa II w’Itegeko ryerekeye kurinda amakuru bwite n’imibereho bwite by’umuntu riteganya uburenganzira bwa ba nyiri ubwite. Iri Tegeko rishimangira uburenganzira bwabo rigena uburenganzira bukomeye burimo:

1. Uburenganzira bwo kwisubiraho kwa nyiri ubwite (Ingingo ya 8)

2. Uburenganzira ku makuru bwite (Ingingo ya 18)

3. Uburenganzira bwo gutambamira (Ingingo ya 19)

4. Uburenganzira bwo gusubizwa no guhererekanya amakuru bwite (Ingingo ya 20)

5. Uburenganzira bwo kutagengwa n’icyemezo hashingiwe ku itunganywa ry’amakuru bwite ryikoresha (Ingingo ya 21)

6. Uburenganzira bwo kubuza gutunganya amakuru bwite (Ingingo ya 22)

7. Uburenganzira bwo gusiba amakuru bwite (Ingingo ya 23)

8. Uburenganzira bwo gukosora (Ingingo ya 24)

9. Uburenganzira bwo kugena umuzungura ku makuru bwite (Ingingo ya 25)

10. Uburenganzira bwo guhagararirwa (Ingingo ya 26)

Iyo umugenzuzi w’amakuru cyangwa utunganya amakuru bamenye ko amakuru bwite ari ay’umwana utarageza ku myaka cumi n’itandatu (16), bagomba kubanza kubona uburenganzira bw’umuntu ufite inshingano z’ububyeyi cyangwa urera ku mwana, hakurikijwe amategeko abigenga. Ibindi by’umwihariko bigaragara mu ngingo ya 9.

Ni izihe nshingano z’umugenzuzi w’amakuru n’utunganya amakuru?

Umutwe wa VI w’Itegeko ryerekeye kurinda amakuru bwite n’imibereho bwite by’umuntu ufitanye isano n’umubare w’inshingano zireba umugenzuzi w’amakuru n’utunganya amakuru kugira ngo gutunganya amakuru bwite bikorwe mu buryo buboneye kandi bwemewe n’amategeko, harimo:

Amahame yerekeranye no gutunganya amakuru bwite

Abagenzuzi b’amakuru n’abatunganya amakuru bagomba kubahiriza ko itunganywa ry’amakuru bwite rikozwe mu buryo bukurikije amategeko, butabogamye, bunyuze mu mucyo, buboneye, bufitanye isano, butarimo ukwibeshya, bubika amakuru igihe gikwiriye kandi rihura n’icyo rigamije. Ibi bikorwa hubahirizwa uburenganzira bwa ba nyiri ubwite.

Inshingano z’umugenzuzi w’amakuru n’utunganya amakuru

Umugenzuzi w’amakuru n’utunganya amakuru bagomba kwemeza ko amakuru bwite atunganywa hubahirijwe amategeko, kandi bakabasha kugaragaza ko bubahirije ayo mategeko binyuze mu ngamba zitandukanye zirimo gushyira mu bikorwa ingamba zo mu rwego rwa tekiniki n’urw’imitunganyirize, kubika inyandiko z’ibikorwa by’itunganywa ry’amakuru bwite, ndetse no gushyiraho umukozi ushinzwe kurinda amakuru n’izindi ngamba..

Amakuru atangwa mu gihe cyo gukusanya amakuru bwite

Umugenzuzi w’amakuru akusanya amakuru bwite iyo hari ikigamijwe cyemewe n’amategeko gifitanye isano n’igikorwa cye kandi iyo ayo makuru bwite akenewe kugira ngo ikigamijwe kigerweho. Amakuru atangwa kuri nyiri ubwite mu gihe cyo gukusanya amakuru bwite ari mu ngingo ya 42.

Imenyekanisha ku ivogerwa ry’amakuru bwite

Igihe umugenzuzi w’amakuru amenye ko habayeho ivogerwa ry’amakuru bwite, agomba kubimenyesha urwego rugenzura mu masaha mirongo ine n’umunani (48) nyuma yo kubimenya. Iyo utunganya amakuru amenye ko habayeho ivogerwa ry’amakuru bwite, agomba kubimenyesha umugenzuzi w’amakuru mu masaha mirongo ine n’umunani (48) nyuma yo kubimenya.

Raporo ku ivogerwa ry’amakuru bwite

Umugenzuzi w’amakuru akora raporo ku ivogerwa ry’amakuru bwite, akayishyikiriza urwego rugenzura mu gihe kitarenze amasaha mirongo irindwi n’abiri (72) hamwe n’ibimenyetso byose bihari. Ibigomba kuba biri muri raporo bigaragara mu ngingo ya 44.

Kumenyesha nyiri ubwite ivogerwa ry’amakuru bwite

Iyo kuvogera amakuru bwite bishobora kubangamira uburenganzira n’ubwisanzure bya nyiri ubwite, umugenzuzi w’amakuru akimara kubimenya abimenyesha nyiri ubwite mu buryo bw’inyandiko cyangwa bw’ikoranabuhanga ko amakuru bwite ye yavogerewe. Icyakora, hari irengayobora mu ngingo ya 45.

Gutunganya amakuru bwite mu buryo bwemewe n’amategeko

Itegeko rigena ibisabwa nk’ishingiro ryemewe n’amategeko mu itunganywa ry’amakuru mu ngingo ya 46.

Ingamba zo kugenzura umutekano w’amakuru bwite

Umugenzuzi w’amakuru cyangwa utunganya amakuru agomba kurinda amakuru bwite afite, binyuze mu gufata ingamba zikwiye, zumvikana zo mu rwego rwa tekiniki kugira ngo hirindwe itakara, iyangirika cyangwa isenywa ry’amakuru bwite. Ingamba zo kugenzura umutekano w’amakuru bwite zisobanurwa mu ngingo ya 47.

Umutwe wa VII w’Itegeko ryerekeye kurinda amakuru bwite n’imibereho bwite by’umuntu wibanda ku guhanahana, guhererekanya, kubika no gukomeza kubika amakuru bwite.

Ibikwa ry’amakuru bwite

Umugenzuzi w’amakuru cyangwa utunganya amakuru abika amakuru bwite mu Rwanda.

Icyakora, kubika amakuru bwite hanze y’u Rwanda byemewe gusa iyo umugenzuzi w’amakuru cyangwa utunganya amakuru afite icyemezo cy’iyandikwa kimwemerera kubika amakuru bwite hanze y'u Rwanda gitangwa n’urwego rugenzura.

Ihanahana n’ihererekanya ry’amakuru bwite hanze y’u Rwanda

Umugenzuzi w’amakuru cyangwa utunganya amakuru ashobora guhanahana cyangwa guhererekanya amakuru bwite n’undi muntu hanze y’u Rwanda iyo yabiherewe uruhushya n’urwego rugenzura. Ibindi bisabwa bisobanurwa mu ngingo ya 48 n’iya 49.

Kwimura no gucunga amakuru bwite nyuma yo guhindura cyangwa gufunga ibikorwa

Urwego rugenzura rushyiraho amabwiriza agena uburyo bwo kwimura no gucunga amakuru bwite mu gihe ibikorwa by’umugenzuzi w’amakuru cyangwa utunganya amakuru bihindutse cyangwa bifunzwe..

Igihe amakuru bwite amara abitswe

Umugenzuzi w’amakuru cyangwa utunganya amakuru abika amakuru bwite kugeza igihe ikigamijwe mu itunganywa ryayo kigezweho. Ariko, hari umwihariko ugaragara mu ngingo ya 52.

Yego. Ibyaha, amakosa yo mu rwego rw’ubutegetsi ndetse n’ibihano byabyo ni ibi bikurikira:

Ibyaha:

• Kubona, gukusanya, gukoresha, gutanga, guhanahana, guhererekanya cyangwa gutangaza amakuru (Ingingo ya 56)

• Gusenya, gusiba, guhisha cyangwa guhindura amakuru bwite mu buryo bunyuranyije n’iri tegeko (Ingingo ya 58)

• Gusubiza ku makuru bwite ibiyaranga byakuweho mu buryo bunyuranyije n’iri tegeko (Ingingo ya 57)

• Kugurisha amakuru bwite mu buryo bunyuranyije n’iri tegeko (Ingingo ya 59)

• Gukusanya cyangwa gutunganya amakuru bwite y’ibanga mu buryo bunyuranyije n’iri tegeko (Ingingo ya 60)

• Gutanga amakuru atari yo (Ingingo ya 61)

Ibihano:

• Umugenzuzi w’amakuru cyangwa utunganya amakuru ukoze kimwe mu byaha bivugwa mu ngingo ya 56, iya 57, iya 58, iya 59, iya 60 n’iya 61 aba bikoze icyaha. Iyo ahamijwe n'urukiko, ahanishwa ihazabu y’amafaranga y’u Rwanda angana na gatanu ku ijana (5%) by’amafaranga y’ibyo yacuruje mu mwaka w’ingengo y’imari wabanje.

• Urukiko rushobora kandi gutegeka gufunga by’agateganyo cyangwa burundu ikigo cyangwa urwego bifite ubuzimagatozi cyangwa ahakorerwa imirimo hakorewe kimwe mu byaha biteganyijwe muri iri tegeko.

Amakosa yo mu rwego rw’ubutegetsi:

• kutabika inyandiko z’amakuru bwite yatunganyijwe;

• kutandika icyakozwe ku makuru bwite yatunganyijwe;

• gukora nta cyemezo cy’iyandikwa;

• kutamenyekanisha impinduka nyuma yo guhabwa icyemezo cy’iyandikwa;

• gukoresha icyemezo cy’iyandikwa cyarengeje igihe;

• kudashyiraho umukozi ushinzwe kurinda amakuru bwite;

• kutamenyekanisha ivogerwa ry’amakuru bwite;

• kudakora raporo ku ivogerwa ry’amakuru bwite;

• kutamenyesha nyiri ubwite ivogerwa ry’amakuru bwite

Sanctions:

• Umugenzuzi w’amakuru cyangwa utunganya amakuru ahanishwa rimwe ku ijana (1%) by’amafaranga y’ibyacurujwe mu mwaka w’ingengo y’imari wabanje.

• Urwego rugenzura rushobora gushyiraho amabwiriza agena andi makosa n’ibindi bihano byo mu rwego rw’ubutegetsi bitateganyijwe muri iri tegeko.

• On Already Acquired Data

• On New Collected Data

• Storage of personal data

• Share/Transfer of personal data

• Internal Processes of an Institution

  1. Charities and Religious entities

  2. Security companies (including operating security CCTV systems)

  3. Gambling

  4. Operating an educational institution

  5. Health administration and provision of patient care

  6. Hospitality industry firms but excludes tour guides

  7. Property management including the selling of land

  8. Provision of financial services

  9. Telecommunications network or service providers

  10. Businesses that are wholly or mainly in direct marketing

  11. Transport services firms (including online passenger hailing applications)

  12. Businesses that process genetic or/and biometric data

  13. Any businesses that deals with personal data

The data controller and data processor have a transitional period of up to October 15, 2023, to comply with provisions of the law on the processing of personal data (Article 67)

The data controller is required to first register with the supervisory authority. Where the data processor is required to get authorization from the data controller and register with the supervisory authority. (Articles 4, 29 and 30)

The data controller and data processor stores personal data in Rwanda. A valid registration certificate is required to authorize the storage of personal data outside Rwanda (Article 50)

A valid registration certificate is required to authorize the sharing and transfer of personal data outside Rwanda. (Articles 48)

Designation of a data protection officer and adopting appropriate, reasonable technical measures to prevent loss, damage or destruction of personal data. (Articles 40 and 47)

If you are a person, public or private corporate body or legal processing personal data for the following purposes you need to register as a data controller or a data processor with the National Cyber Security Authority (NCSA).

Yego, Itegeko ryerekeye kurinda amakuru bwite n’imibereho bwite by’umuntu ritangira gukurikizwa ako kanya. Ariko, ibigo n’abantu bari basanzwe bakora ibikorwa byo gutunganya amakuru y’abantu mu Rwanda bahawe igihe cy’inzibacyuho kugeza ku itariki ya 15 Ukwakira 2023 kugira ngo babe bujuje ibisabwa byose n’iri tegeko rishya.

In the law on personal data protection and privacy, consent must be freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by an oral, written or electronic statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

There are two possible ways particularly on data processing and registration requirement for data transfer outside Rwanda:

• Authorization provided for under Art.48 (1) of DPP law to transfer personal data outside Rwanda is done during registration to operate as a data controller or data processor; This complements Art. 30 (7) DPP law requiring the applicant to indicate the country to which he/she intends to directly or indirectly transfer the personal data

• A request to transfer personal data outside Rwanda may also be submitted after registration for specific processing reasons of personal data outside Rwanda as the need may arise depending on the changing nature of the business/operations and other reasons described in Art. 48 (2-3) and also in consideration of the required appropriate safeguards as provided for by the Law. Note: If the second scenario (2) comes in after registration, he/she will then be required to request for a change on the registration certificate.

Anyone who is processing or who is willing to process personal data/whoever is already in personal data processing or wants to operate as a data controller or data processor.

It is the removal of personal identifiable information for the purpose of safeguarding personal data.

It remains personal between data subject and the data controllers or processors; that is to say, de-identification should be understood as a technique used to protect individual’s privacy.

The law applies to any natural or legal person who processes personal data, whether that data is received directly from the data subject by the data controller or indirectly from the data controller by a data processor. A natural person is a human being, as opposed to a legal person.

Most of us give personal data to groups such as Government institutions, banks, insurance companies, hospitals, and telecommunication companies to use their services or meet certain conditions. They can also get information about us from other sources.

We refer to organizations or persons who control the contents and use of our personal data as 'data controllers'.

Under the Law Nº 058/2021 of 13/10/2021 Law relating to the protection of personal data and privacy, you have rights regarding the use of these personal data and data controllers have certain responsibilities in how they handle them.

Personal data is any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.

Privacy is a fundamental right of a person to decide who can access his or her personal data, when, where, why and how his or her personal data can be accessed.

When you give your personal data to an organization or person, they have a duty to keep these data private and safe. This process is known as data protection.

If you are not happy with how your personal data are being used, you should contact the organization or person in question. If you believe that the organization or person is still not respecting your data protection rights, you should contact the Data Protection & Privacy Office to ask for help.

You have a range of rights when the organization or person takes and records your personal data.

Right to have your personal data used in line with the law

A data controller who holds information about you must:

• get and use the information fairly;

• keep it for only one or more clearly stated and lawful purposes;

• use and make known this information only in ways that are in keeping with these purposes;

• keep the information safe;

• make sure that the information is factually correct, complete and up-to-date;

• keep the information for no longer than is needed for the reason stated; and

• give you a copy of your personal information when you ask for it.

Right to personal data

1. Data controllers who obtain your personal data must give you:

   • the name of the organization or person collecting the information or for whom they are collecting the information;

   • the reason why they want your personal data; and

   • any other information that you may need to make sure that they are handling your details fairly – for example the details of other organizations or people to whom they may give your personal data.

   If an organization or person gets your personal details from someone else and not directly from you, they must tell you which details they hold and give you the name of the original data controller.

   This right does not apply, however, in a small number of cases where it could harm certain interests – for example when someone is investigating an offence

2. Right to know if your personal details are being held:

   If you think that an organization or person may be holding some of your personal details, you can ask them to confirm. If they do have personal data about you, they must tell you which details they hold and the reason why they are holding this information and its source.

   You can ask for this information free of charge

3. Right to know whether your personal data have been transferred to a third country or to an international organization

   In all above cases, the data controller or the data processor has to respond to you within thirty (30) days from the date of receipt of the request.

   If you are not satisfied with the response of the data controller or the data processor you may appeal to the Data Protection & Privacy Office within thirty (30) days from the date of receipt of the response.

Right to rectification your details

If you discover that a data controller has details about you that are not factually correct, you can ask them to correct them where necessary.

You can write to the organization or person, explaining your concerns or outlining which details are incorrect. Within 30 days, the organization must do as you ask or explain why they will not do so.

Right to object

A data controller may intend to use your details for official purposes, in the public interest or for their own interests. If you feel that doing so could cause you loss, sadness or anxiety, you may ask the data controller not to stop using your personal data.

However, this right does not apply if the data controller or the data processor demonstrates compelling legitimate grounds for the personnel data processing.

For example

• you have already agreed that the data controller can use your details;

• a data controller needs your details under the terms of a contract to which you have agreed;

• a data controller needs your details for legal reasons.

You have the right to ask a data controller or data processor to stop processing your personal data if are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.

There is no charge for objecting.

Right to restriction of processing of personal data

You have the right to restrict the data controller from processing your personal data for a given period if:

• You contested the accuracy of your personal data

• The processing is unlawful and you request the erasure

• You object to the processing of personal data

The right is not exercised if the processing of personal data:

• is necessary for the protection of the rights of another person

• is necessary for reasons of public interest

Right to personal data portability

You have the right to request the data controller to resend the personal data concerning you as it was provided

You also have the right to request the data controller your personal data transmitted to another data controller, where technically feasible, without hindrance.

In all above cases, the data controller has to respond to you within thirty (30) days from the date of receipt of the request.

If you are not satisfied with the response of the data controller, you may appeal to the Data Protection & Privacy Office within thirty (30) days from the date of receipt of the response.

Right to erasure of personal data

You have the right to request the data controller for erasure of your personal data where:

• Your personal data are no longer necessary in relation to the purposes for which they were collected;

• You withdraw consent on which the personal data processing is based and where there is no other legal ground for the processing;

• You object to the processing of personal data and there are no overriding legitimate grounds for the processing

• Your personal data have been unlawfully processed

However, the right to request the erasure of personal data does not apply to the extent that processing is necessary described in this Law such as reasons of public interest.

Right to designate an heir to personal data

Your personal data are not primarily subject to succession but, where you had left a will, you provide your heir with full or restricted rights relating to the processing of your personal data kept by the data controller or the data processor, if such personal data still need to be used.

Right to representation

You have right to be represented when:

• You are under sixteen (16) years of age

• You have a physical impairment and unable to represent yourself

• You are a medically determinable mental impairment and is unable to represent yourself

• You have any other reason, in which case you are being represented by another person

In all above cases you need to provide an authorization of representation in accordance with relevant Laws.

Right not to be subject to a decision based on automated data processing

You have the right not to be subject to a decision based solely on automated personal data processing, including profiling, which may produce legal consequences or significant consequences to you.

For example, such decisions may be about your work performance

However, this right is not exercised when the processing:

• is based on your explicit consent;

• is necessary for entering into, or performance of, a contract between the you and the data controller;

• is authorized by to other Laws

Uburenganzira ku kurindwa kw'amakuru yawe bugufasha kwemeza ko amakuru yawe abitswe ari:

• ukuri;

• abonwa gusa n'ababyemerewe gusa; kandi

• akoreshwa ku mpamvu yavuzwe gusa

Ufite uburenganzira bwo kurindwa kw’amakuru yawe igihe:

• Abitswe muri mudasobwa; 

• Abitswe ku mpapuro cyangwa mu buryo bwanditse busanzwe

• Agizwe n’amafoto cyangwa amashusho agaragaza isura yawe, cyangwa ijwi ryawe ryafashwe. 

Niba uhaka kubona amakuru yawe, ohereza ibaruwa ku kigo cyangwa umuntu ufite amakuru yawe bwite, ubasabe kuguha kopi yayo. Ayo makuru agomba kuba yoroshye kumenya ayo ari yo.

Mu busabe bwawe, ugomba:

• Gutanga amakuru ashobora gufasha umuntu kukumenya no kubona amakuru yawe. Urugero, nka nimero ya konti yawe, aderesi wakoresheje mbere, cyangwa itariki y’amavuko.

• Gusobanura neza amakuru ushaka kubona niba hari ayo wifuza by’umwihariko. Ibi bizafasha ikigo cyangwa umuntu ubisabye kugusubiza vuba kandi neza.

Urugero rw’amagambo wakoresha usaba amakuru yawe:                     

Nyakubahwa Ushinzwe Kurinda Amakuru bwite,

Hashingiwe ku Itegeko N° 058/2021 ryo ku wa 13/10/2021 ryerekeye kurinda amakuru bwite n’imibereho bwite by’umuntu, ndifuza gusaba uburenganzira bwo kubona kopi y’amakuru yanjye yose mubitse, haba ari kuri mudasobwa cyangwa yanditse mu buryo busanzwe.

[Numero ya konti yanjye ni ...] 

[Itariki y’amavuko yanjye ni ...] 

[Ahahoze ari aderesi yanjye ni ...]

Mugire amahoro,

[Izina]

Abakozi b’Ibiro bishinzwe kurinda amakuru bwite bagamije gutuma uburenganzira bwawe bwubahirizwa no gutuma abagenzuzi b’amakuru n’abatunganya amakuru bashyira mu bikorwa amategeko. Niba hari ikigo cyangwa umuntu utubahirije amategeko, ukaba utanyuzwe n’ubusobanuro bwabo ku mpungenge zawe, ushobora gutanga ikirego mu Biro bishinzwe kurinda amakuru bwite.

Ni gute namenyesha Ibiro bishinzwe kurinda amakuru bwite?

Niba ucyeneye amakuru ku burenganzira bwawe, watumenyesha ukoresheje telefoni cyangwa emeyili. 

Aderesi: 18KG Ave, A&P Building, Ground Floor, Kacyiru

Emeyili: dpp@dpo.gov.rw

Umurongo utishyurwa: 9080

Amakuru bwite ni amakuru ayo ari yo yose yerekeye umuntu ku giti cye uzwi cyangwa ushobora kumenyekana, mu buryo buziguye cyangwa butaziguye, by'umwihariko hashingiwe ku kimuranga nk'izina, nimero imuranga, aho aherereye, ikimuranga mu buryo koranabuhanga cyangwa hashingiwe ku kintu kimwe cyangwa byinshi byihariye biranga imiterere y'umubiri we, imitekerereze ye, inkomoko ye, ubuzima bwe bwo mu mutwe, ubukungu, umuco cyangwa imibereho y'uwo muntu ku giti cye.

Amakuru bwite y’ibanga ni amakuru agaragaza isanomuzi y’umuntu, uko ubuzima bwe buhagaze, ko yafunzwe cyangwa atafunzwe, dosiye ye yo kwa muganga, inkomoko ye mu muryango, imyemerere ye ishingiye ku idini cyangwa ku mitekerereze, ibitekerezo bye bya politiki, amakuru ndangasano cyangwa ay’imiterere ye, ay’ubuzima bw’imibonano mpuzabitsina cyangwa umwirondoro w’umuryango.

Yego. Itegeko mu ngingo yaryo ya 9, rivuga ko iyo umugenzuzi w’amakuru, utunganya amakuru cyangwa undi muntu azi ko ari ay’umwana utarageza ku myaka cumi n’itandatu (16) y’amavuko, agomba kubyemererwa n’ufite ububasha bwa kibyeyi kuri uwo mwana hakurikijwe amategeko abigenga.

Mu Itegeko ryerekeye kurinda amakuru bwite n’imibereho bwite by’umuntu, ukwemera kwa nyiri ubwite kugomba kugaragaza mu bwisanzure ibyifuzo bya nyiri ubwite nta gahato bishingiye ku bisobanuro yahawe bitarimo urujijo, yumvikanisha akoresheje imvugo, uburyo bw’inyandiko cyangwa bw’ikoranabuhanga cyangwa igikorwa kigaragara kandi gisobanutse ko yemeye itunganywa ry’amakuru bwite