Rwanda: Implemented Law No. 058/2021 relating to the protection of personal data and privacy including data protection authority governance

On 15 October 2021, Law No. 058/2021, relating to the protection of personal data and privacy, entered into force. The law specifies that the supervisory authority, the National Cyber Security Authority, is responsible for handling complaints, investigating data protection issues, advising on privacy matters, and cooperating with domestic and international bodies. Its powers include issuing certificates, ensuring compliance with data protection laws, regulating ICT impacts on privacy, imposing sanctions, maintaining a register of data controllers and processors, and investigating data-related issues.