Report Incident
× Home Cybertech Africa 2023 2 DPO Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

What are the key principles for processing personal data?

Rwanda’s law on the protection of personal data and privacy was officially gazetted on October 15 2021, and applies to individuals and institutions established in and outside of Rwanda that process the personal data of individuals in Rwanda.
 
Among other objectives, two of the laws primary goals are:
  1. Empowering citizens with agency over their personal data
  2. and enabling trusted and secure data flows, domestically and internationally
 
In order to achieve on these two objectives, the current law features 6 key principles that all data controllers and data processors must abide by when processing the personal data of individuals in Rwanda.
 
These key principles not only ensure the protection of personal data and guarantee the privacy of data subjects, but also ensure that all data controllers or data processors are obliged to comply with the law as intended, or risk committing an offence.
 
According to Rwanda’s law on the protection of personal data and privacy, the data controller and data processor must ensure that the data subject’s personal data are:
 
  1. Processed lawfully, fairly and in a transparent manner
  2. Collected for explicit, specified and legitimate purposes and not further processed in a manner incompatible with those purposes
  3. Related to the purposes for which their processing was requested
  4. Accurate and, where necessary, kept up to date with every reasonable step being taken to ensure that any inaccurate personal data are erased or rectified without delay
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  6. Processed in compliance with the rights of data subjects
 
As data controllers and data processors carry out their activities, these key principles act as a guiding checklist to ensure that the rights of data subjects are not being infringed upon during the processing of personal data.
 
For more information on the key principles: Rwanda’s law on personal data protection and privacy

20 April 2022

© 2024 National Cyber Security Authority