Rwanda: National Cyber Security Authority guidance on right to object

On 10 August 2022, the National Cyber Security Authority (NCSA) published guidance on the right to object. The guidance outlines the provisions of Article 19 of Rwanda’s law No. 058/2021, which grants data subjects the right to object to the processing of their personal data. This right enables individuals to stop data controllers or processors from using their data under certain conditions, such as when the processing causes distress or is for direct marketing purposes. However, if the data controller or processor can demonstrate legitimate grounds that override the data subject’s rights, the objection may be rejected. The guidance also explains the process for exercising this right, including the 30-day response timeframe and the right to appeal to the supervisory authority if unsatisfied with the outcome.