Data Privacy Day was launched 15 years ago by the Council of Europe to remember the signature of the first legally binding international instrument in the data protection field known as “Convention 108”.

Each year on the 28^th January, countries across the globe use Data Privacy Day to celebrate this milestone, and raise awareness of data protection and privacy best practices.

What began as a one-day awareness-raising effort, was expanded into a week-long initiative in the form of Data Privacy Week due to a globally recognized need for more awareness on personal data protection and privacy.

For the first time since its launch in 2022, Rwanda’s Data Protection Office joined the globe to celebrate Data Privacy Week from January 23^rd – 28^th 2023, conducting a number of awareness raising activities on compliance with Rwanda’s personal data protection and privacy law.

The campaign engaged non-governmental organizations, businesses and sector regulators in three separate information sessions on compliance and the challenges within the compliance process.

This enabled the Data Protection Office to reiterate the institutional steps towards compliance, which include appointing a Data Protection Officer, conducting a Data Inventory and registering with the Data Protection Office as a Data Controller or Data Processor amongst other responsibilities.

The Data Protection Office also emphasized that the law provides consent of the user as a key foundation for lawful collection and processing of personal data.

The office continued that gaining clear consent of the user, alongside other implications of the law on personal data protection and privacy, necessitate the implementation of technical and organizational measures that will ensure the protection of personal data and privacy of Data Subjects.

Additionally, during these information sessions Data Controllers and Data Processors were given a platform to discuss their respective compliance journeys with the Data Protection Office.

Participants showed a particular interest in personal data hosting outside Rwanda requests. The Data Protection Office clarified that personal data hosting outside Rwanda is not prohibited but the law provides for requirements to request for authorization to do so. The Data Protection Office made clear that guidance on this topic would be available soon online on the Data Protection Office website.

On social media, the Data Protection Office shared helpful compliance tips on the hashtag #DataPrivacyWeekRw, where other users also contributed their views to the conversation.

In the upcoming months, the Data Protection Office will carry out a national public awareness campaign on the benefits of the law on personal data protection and privacy and related personal data processing obligations for Data Controllers and Data Processors.

All individuals or institutions that process personal data of individuals in Rwanda must be registered with the Data Protection Office by 15 October 2023.

To learn more about compliance and registration, visit the Data Protection Office website at www.dpo.gov.rw.