Rwanda law relating to the protection of personal data and privacy.
Rwanda published a detailed bill in their official gazette on 15/10/2021 promulgating a law that aims at the protection of personal data and privacy and determines their processing. This document is eighty-two pages long and contains crucial information for your business, whether it was established or resides in Rwanda or not (Rwanda, 2021) . If any personal data is processed from personal subjects located in Rwanda, it is recommended to familiarise yourself with the document. You will have to register with the relevant supervisory authority as a data controller and or a data processor.
The main focus of this article will be on digital data and the storage and access of it. One way of controlling the data is to situate your own physical infrastructure in Rwanda. If you have the budget, technical expertise and required surrounding infrastructure then this is a certainly an option, however there is a simpler alternative with far fewer requirements.
The alternative option is cloud and hosting services. The challenge with this option is to either find the right local cloud service provider (as the data must be stored in Rwanda), or obtain a valid registration certificate authorising you to store the data outside of Rwanda. Once that challenge is addressed, the upside of using cloud and hosting services is exponential. You have a 24-hour protected secure location which can be used as a primary or a backup site. The physical resources are available for when you want to increase or decrease your allocation.
This can be managed by you or with the help of an expert cloud engineer. You can access the data from anywhere via a preconfigured private network and two factor authentication system. You will not be able to share the data without obtaining authorisation from the supervising authority. Using virtual machines also caters for any operating system which might be needed to preform your functions.
There are options for you to protect yourself but failure or misconduct can make you liable to pay an administrative fine of not less than two million Rwandan franc (RWF 2 000 000), or more than five million Rwandan franc (5 000 000), or one percent (1%) of the global turnover for the preceding year.
Rwanda, G. of. (2021). Law No. 058/2021 of 13 October 2021 Relating to the Protection of Personal
Data and Privacy | Legal research | DataGuidance. Official Gazette.