Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Rwanda: NCSA publishes guide on key principles for processing personal data

The National Cyber Security Authority ('NCSA') published, on 20 April 2022, a guide on the key principles for processing personal data. In particular, the guide notes that two of the main goals of the Law No. 058/2021 of 13 October 2021 relating to the Protection of Personal Data and Privacy ('the Data Protection Law') are empowering citizens with agency over their personal data and enabling trusted and secure data flows, domestically and internationally. In addition, the guide states that in order to achieve these two objectives, the Data Protection Law features six key principles that all data controllers and data processors must abide by when processing the personal data of individuals in Rwanda, which are the following:

  • processing personal data lawfully, fairly, and in a transparent manner;
  • collecting personal data for explicit, specified, and legitimate purposes and not further process in a manner incompatible with those purposes;
  • personal data must be related to the purposes for which their processing was requested;
  • personal data must be accurate and, where necessary, kept up to date with every reasonable step being taken to ensure that any inaccurate personal data is erased or rectified without delay;
  • keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; and
  • process personal data in compliance with the rights of data subjects.

Lastly, the guide outlines that as data controllers and data processors carry out their activities, these key principles act as a guiding checklist to ensure that the rights of data subjects are not being infringed upon during the processing of personal data.

You can read the guide here.

Feedback