The Personal Data Protection Office (PDPO/Office) is Uganda’s data protection and privacy regulator. It is established as an independent office under the National Information Technology Authority, Uganda (NITA-U) responsible for overseeing the implementation of and enforcement of the Data Protection and Privacy Act of 2019.
The Office is mandated by law to register every person, institution or public body collecting and processing personal data of Ugandan residents.
It also receives and investigates complaints relating to infringement of individuals’ rights under the Data Protection and Privacy Act, 2019.
This law is enacted to:
- protect the privacy of the individual and of personal data by regulating the collection and processing of personal information;
- to provide for the rights of the persons whose data is collected; and
- obligations of every person, institution and public body collecting and processing personal data.
The Data Protection and Privacy Act, 2019 applies to a person, institution or public body –
- collecting, processing, holding or using personal data within Uganda; and
- outside Uganda who collects, processes, holds or uses personal data relating to Ugandan residents.
What is Data ‘processing’?
Means any operation which is performed upon collected data by automated means or otherwise including –
- organization, adaptation or alteration of the information or data;
- retrieval, consultation or use of the information or data;
- disclosure of the information or data by transmission, dissemination or otherwise making valuable; or
- alignment, combination, blocking, erasure or destruction of the information or data.