Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

EU - Uganda: GDPR v. Data Protection and Privacy Act

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Data Protection and Privacy Act 2019 (the Act).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Act with the  GDPR.

You can access the latest version of the report here.

What is the Act?

The Act, which came into force in May 2019, is the primary piece of data protection legislation in Uganda and has been supplemented with the Data Protection and Privacy Regulations, 2021 (the Regulations), which were introduced on March 12, 2021.

Key highlights

The Act and the GDPR share some similarities, including:

  • provide similar definitions of personal data and data processing;
  • establish requirements for children's data;
  • sets out very similar grounds for the processing of personal data; and
  • provides for the requirement to appoint a data protection officer (DPO).

However, despite their similarities, the Act and the GDPR also differ sometimes in their approach, such as:

  • the Act does not explicitly regulate goods and services or monitoring from abroad;
  • the Act provides for potential prison terms and that individuals may be held liable for offenses;
  • the Act does not directly refer to anonymisation and pseudonymisation; and
  • the Act does not explicitly refer to a right to data portability.