The OECD.AI Policy Navigator

Our policy navigator is a living repository from more than 80 jurisdictions and organisations. Use the filters to browse initiatives and find what you are looking for.

Data Protection Law

Law No. 058/2021 of 13 October 2021 Relating to the Protection of Personal Data and Privacy was published, on 15 October 2021, in the Rwanda Official Gazette ('the Law'). In particular, the Law establishes among others, the following principles: lawfulness, fairness and transparency, purpose limitation and accuracy.

Name in original language

Data Protection Law

Initiative overview

The Law establishes among others, the following obligations: maintaining records of processed personal data, designation of a personal data protection officer, carrying out personal data protection impact assessments, provision of information during personal data collection, notification of personal data breach and communication of it to data subjects, and the implementation of appropriate technical and organisational measures to ensure security of personal data. Furthermore, the Law outlines several data subject rights which include, among others, consent and right to withdraw consent, right to personal data, right to object, right to personal data portability, right not to be subject to a decision based on automated processing, right to restriction of processing of personal data, right to erasure of personal data and right to rectification.

Name of responsible organisation (in English)

Rwanda Information Society Authority |National Cyber Security Authority

About the policy initiative


Organisation:

  • Rwanda Information Society Authority |National Cyber Security Authority

Category:

  • National – AI policy initiatives, regulations, guidelines, standards and programmes or projects

Initiative type:

  • Law/legislation/act (by legislative body)

Participating organisations:


Participating countries:


Status:

  • Active

Start Year:

  • 2021

Binding:

  • Binding