Kampala, Uganda | THE INDEPENDENT | The enforcement of the Data Protection and Privacy law is now taking shape following the creation of the Personal Data Protection Office, at the National Information Technology Authority. The development comes months after the approval of the Data Protection and Privacy Regulations.
The regulations were approved in March, and published in the official gazette, paving way for implementation of the law, which also provided for the creation of the office responsible for personal data protection under NITA-U. This has been supported by the launch of a Data Protection Portal, a collaboration between the Personal Data Protection Office, and the UN Capital Development Fund.
“The Personal Data Protection Office is now fully operational with a competent and experienced team up to the task. I therefore urge all organisations that collect, process and/or control personal data to start registering with the office. The door is also open for data subjects to raise complaints,” says Stella Alibateese, the National Director of the Personal Data Protection Office.
The Act requires all data collectors, data processors and data controllers to register with the office, appoint or designate a data protection officer and conduct data protection impact assessments where the collection or processing poses a high risk to the rights and freedoms of natural persons among others.
Alibateese stresses that no one is supposed to collect data from anybody unless authorized by law, or else they should seek the consent of the person.
The regulations are coming at a time of increased digitalization of services, where the need to work remotely presents more challenges for organisations. These include data theft, data extortion, data alteration and destruction among other threats.
Birikujja Baker, the Manager of Legal Affairs at the Personal Data Protection Office, says that many users of personal data are not yet aware of how important data privacy is, nor how they are supposed to protect themselves, especially with digital communication gadgets.
Julius Mboizi, the Manager of Consumer Affairs at UCC says organisations or persons using people’s personal data should not only rely on the law because it might not be enough to either protect customers or even instill confidence in them. He says such organisations can also have their own internal mechanisms for ethical purposes.
In recent times, there have been growing concerns over the use of personal data without the knowledge of the affected people, including online shops, the banking sector, and mobile phone communications among others. Civil society has also raised concerns about how the state targets their records which might lead to a breach of privacy rights.
Lillian Nalwoga, the President of the Internet Society’s Uganda Chapter says the law will be effective if it can compel data controllers to be as transparent with the data as possible.
Chris Lukolyo, Digital Country Lead at UNCDF said that UNCDF recognizes that increased public trust in digital technology including personal data will further catalyze the adoption of digital solutions across all sectors. He emphasizes that it is everyone’s right to have the data private.
The Data Protection Act which was enacted by parliament in 2019, is aimed at protecting the privacy of the individual and personal data by regulating the collection and processing of personal information, providing for the rights of the person whose data is collected, and the obligation of data collectors and data processors and data controllers, as well as regulating the use or disclosure of personal information.