Celebrating the Data Protection Day 2020

Tuesday, January 28, 2020

Celebrating the Data Protection Day

Globally, 28 January of every year is recognized as the Data Protection Day. This was as a result of the opening for signature of the Council of Europe’s Convention 108 which addresses the protection of individuals with regard to automatic processing of personal data. This focus is as a result of the rise in importance of personal data in the information age powered by the fourth industrial revolution. Personal data is now the ‘gold’ or in other ways new ‘oil.’

Uganda has in place its own Law known as the Data Protection and Privacy Act, 2019. The object of the Act is to ‘protect the privacy of the individual and of personal data by regulating the collection and processing of personal information; to provide for the rights of the persons whose data is collected and the obligations of data controllers, data processors and data controllers; to regulate the use or disclosure of personal information; and for related matters.’ This Act further gives effect to Article 27 (2) of the Constitution of the Republic of Uganda by providing for the principles of data protection and recognizing the rights of the persons from whom personal information is collected. The Act furthermore establishes a Personal Data Protection Office responsible for personal data protection under the National Information Technology Authority – Uganda (NITA-U). The Act is based on the following globally recognized principles applicable to organizations and persons collecting and processing personal data in Uganda:


Accountability to the data subject (natural person on whom personal data is processed)


Collection and processing of personal data should be fair and lawful


The nature of personal data collected or processed should be adequate, relevant and not excessive for the intended purpose


Personal data should be retained for only the period authorized by law or for which the data is required


Maintain quality of personal data collected


Ensure transparency and participation of the data subject in the collection and processing of personal data


Implementation and maintenance of appropriate technical and organizational measures for the security of personal data in both electronic and manual formats.

The Act further requires organizations to comply in order to ensure the collection and processing of personal data is secured and that rights of data subjects are observed. The National Information Technology Authority, Uganda hereby reaffirms its commitment to oversee the implementation of and be responsible for the enforcement of the Act through the Personal Data Protection Office. Accordingly, NITA-U embarked on the development of attendant Regulations.

NITA-U further calls upon all organizations and persons collecting and processing of personal data in Uganda to immediately start developing their own compliance programs. Compliance contributes to building trust across all stakeholders and shareholders as well as greatly reduction of risk exposure from the misuse or breach of personal data.