
Registration with the Personal Data Protection Office (PDPO) is mandatory for any and all persons, institutions, and public bodies collecting and processing personal data in Uganda.
This is for purposes of protecting and observing the privacy of a person and of personal data. This obligation was introduced in the Data Protection and Privacy Act 2019 of Uganda and the subsequent 2021 Regulations under the same Act.
Certain Policies should be in place when applying for registration with the PDPO. These include the Organization’s Information Security Policy and the Organization’s Data Retention Policy.
Upon registration, a data collector, data processor or data controller must submit to the Office an annual compliance report within 90 days after the end of every financial year.
Failure to register/renew registration amounts to committing an offence and one will be liable, on conviction to a fine or imprisonment not exceeding three months or both.
Where the offence is committed by an organization, the organization and every officer of the organization who knowingly and willfully authorizes the contraventions commits an offence and is liable, on conviction to the penalty above and the fine specified in the law.
In a nutshell, the scope envisaged consequently means that nearly all companies and entities are required to register with the office.
Discover more from CRAMANYA Advocates
Subscribe to get the latest posts sent to your email.