Rwanda: Data Protection and Privacy Office released Guide on Designation of a Representative

On 2 July 2024, the Data Protection and Privacy Office (DPO) released the "Guide on Designation of a Representative," which outlines the requirements for Data Controllers and Data Processors based outside Rwanda to appoint a representative in Rwanda if they process personal data of individuals within the country. The representative must be a registered corporate body or legal entity in Rwanda, capable of understanding the designating party's operations, and handling data protection and privacy matters. Key duties include responding to data subjects' requests, collaborating with the National Cyber Security Authority (NCSA), maintaining processing records, and ensuring compliance with the Data Protection and Privacy Law (DPP Law). Any changes to the representative's status must be reported to the NCSA within 15 working days.