Digital Policy Alert logo

Rwanda: National Cyber Security Authority published guide clarifying distinctions between data controller and data processor

Policy overview

Description

National Cyber Security Authority published guide clarifying distinctions between data controller and data processor

On 17 March 2022, the National Cyber Security Authority (NCSA) published a guide clarifying distinctions between data controller and data processor under Rwanda's personal data protection law No. 058/2021. Data controllers decide how and why personal data is processed, while data processors handle data on behalf of controllers. Organisations can determine their role by assessing who makes decisions about data collection and processing. Entities can be both controllers and processors if they perform both functions.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2022-03-17
adopted

On 17 March 2022, the National Cyber Security Authority (NCSA) published a guide clarifying distinc…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.