How Can We Help ?

Breach or violation of the Act and Regulations thereunder can lead to significant costs and risks for those involved. The possible consequences include:

  1. damage to the reputation of the person, institution or public body;
  2. fines of up to two percent of the corporation’s annual gross turnover; and or
The Act requires persons, institutions and public bodies to designate a data protection officer in the following circumstances where the core activities of the person, institution or public body consist of:
  1. the regular and systematic monitoring of data subjects on a large scale; or
  2. processing of special personal data.
  1. Right to access personal data.
  2. Right to rectification, blocking, erasure and destruction of personal data.
  3. Right to prevent processing of personal data for direct marketing.
  4. Rights in relation to automated decision-taking.
  5. The right to be informed.
  6. Right to file a complaint against breach and non-compliance.

Please visit the page on “Rights of Individuals under the Data Protection and Privacy Act” for more information on these rights and how to exercise them.

The Data Protection and Privacy Act, 2019 applies to a person, institution or public body
  1. collecting, processing, holding or using personal data within Uganda; and
  2. outside Uganda who collects, processes, holds or uses personal data relating to Ugandan citizens.

Where an offence relates to infringement of a data subject’s rights or is in violation of this Act or following investigations by the Authority, and such offences are committed by a corporation, the court in addition to the punishment order the corporation pay a fine not exceeding two (2) per cent of the corporation’s annual gross turnover.

Collecting or processing personal data as per the Data Protection and Privacy Act can be carried out under any of the following provisions

In relation to personal data, means a person other than an employee of the data controller who processes the data on behalf of the data controller.

It is a law enacted to protect the privacy of the individual and of personal data by regulating the collection and processing of personal information; to provide for the rights of the persons whose data is collected and obligations of data collectors, data processors and data controllers and to regulate the use or disclosure of personal information.

Items per page:
1 – 8 of 8