Regulator: The Personal Data Protection Office ('PDPO') within the National Information Technology Authority - Uganda ('NITA - U')
Summary: The Act takes a relatively comprehensive approach to data protection, and in particular provides for a data protection and privacy register, notable powers for the NITA-U, and processes for the investigation of complaints relating to the infringement of data subject rights under the Act. In addition, the Act establishes consent as a central principle, specifies conditions for consent relating to minors as well as other special categories, and, notably, has extraterritorial scope and may apply to entities outside Uganda. The Regulations, which were published in the Official Gazette on 12 March 2021, provide for the establishment of the Personal Data Protection Office within NITA-U, and establish, among other things, a registration obligation for data collectors, controllers, and processors. Another key law in Uganda is the Computer Misuse Act 2011 which, among other things, criminalises any unauthorised disclosure of personal data and confidential information.