Uganda: Regulatory Update – NGO/ CSO compliance with the Data Protection and Privacy Act 2019

On 7 October 2022, the National Bureau for Non-Governmental Organisations released a circular requiring non-governmental organisations to register with the Personal Data Protection Office at the National Information Technology Authority by 31 October 2022. 



The PDPO was created under the Data Protection and Privacy Act 2019. It is tasked with overseeing the implementation and enforcement of the Data Protection Act, and promoting, protecting and observing the privacy of a person and of personal data.

Registration with the PDPO is an obligation pursuant to section 29 of the Data Protection and Privacy Act 2019 and the 2021 Regulations, and registration by the relevant entities has been ongoing since 2021.

The process entails an application for registration where entities such as data collectors, processors or controllers provide information on the following: 

  • the nature and category of personal data collected or processed; 
  • details of the data protection officer; 
  • data transfers outside of Uganda; and 
  • measures taken by the entity to secure personal data.


A note containing definitions of the above-mentioned can be accessed here



Read the original publication at Bowmans.


Subscribe to our newsletter