Rwanda: National Cyber Security Authority issued guidance on right to access, object and restrict processing of personal data

On 10 January 2022, the National Cyber Security Authority (NCSA) published guidance on the right to access, object and restrict processing of personal data. The guidance states that Protection of Personal Data and Privacy Law No. 058/2021 empowers data subjects with significant rights, including the right to access personal data, the right to object to its processing, and the right to restrict processing. Right to access allows data subjects to request information about purposes of data processing and obtain a copy of personal data, provided requests do not conflict with other laws. Right to object enables individuals to halt processing that causes distress or is used for direct marketing. Right to restrict processing applies when data accuracy is contested, or processing is deemed unlawful. Data subjects dissatisfied with responses from data controllers or processors can appeal to NCSA within 30 days.