Law No. 058/2021 of 13 October 2021 Relating to the Protection of Personal Data and Privacy was published, on 15 October 2021, in the Rwanda Official Gazette ('the Law'). In particular, the Law establishes among others, the following principles: lawfulness, fairness and transparency, purpose limitation and accuracy.
Name in original language
Data Protection Law
Initiative overview
The Law establishes among others, the following obligations: maintaining records of processed personal data, designation of a personal data protection officer, carrying out personal data protection impact assessments, provision of information during personal data collection, notification of personal data breach and communication of it to data subjects, and the implementation of appropriate technical and organisational measures to ensure security of personal data. Furthermore, the Law outlines several data subject rights which include, among others, consent and right to withdraw consent, right to personal data, right to object, right to personal data portability, right not to be subject to a decision based on automated processing, right to restriction of processing of personal data, right to erasure of personal data and right to rectification.
Name of responsible organisation (in English)
Rwanda Information Society Authority |National Cyber Security Authority
