Prime
Personal Data Protection Office to punish non-compliant firms
A woman uses a smartphone. Millions of people do not know how their personal information is being used, collected or shared in digital spaces. PHOTO | Edgar R. Batte
What you need to know:
The Data Protection Office says non-compliant heads of organisations will be prosecuted and financial penalties will be imposed on their organisations.
Companies and public entities risk a three-year imprisonment for failing to register with the Personal Data Protection Office (POPD).
Although this week marks the International Data Privacy week (January 24 – 28), millions of people do not know how their personal information is being used, collected or shared in digital spaces.
PDPO, which is obliged to regulate the collection and processing of personal data in Uganda has commenced prosecution against heads of organisations that have not registered as required by the Data Protection and Privacy Act, 2019.
In an interview with Daily Monitor about companies’ compliance, PDPO’s director, Ms Stella Alibateesa said: “We have registered half of the over 1,000 entries. Those who have not yet complied will be penalised in the courts of law.”
PDPO said heads of organisations will be prosecuted with financial penalties imposed on their organisations.
Compliance status
In Uganda, all persons, companies and public entities that collect and process personal data, were supposed to have complied before the end of December last year.
According to PDPO banks, hotels and telecommunications companies are some of the institutions that have complied.
But medical, insurance, professional service provider firms and education institutions have high non-compliance levels.
Mr Baker Birikujja, the manager, licensing and legal affairs at PDPO, said: “Forex bureaus collect a lot of personal data but they are taking the lead in non-compliance to register with the (PDPO).”
Registration
Personal data has become an important business aspect with several companies using such data to make business decisions.
Some companies have been accused of abusing personal data while others have shared it with third party users without consent.
PDPO notes that the registration would help government to ascertain how companies, individuals and government agencies collect data why they collect it, how they use it and who they share it with.
The registration, also seek to measure the capacity of companies and individual to secure collected data from third party breaches, because Uganda has a number of organisations that have offices in countries with strong data protection and privacy laws, it was urgent that the country matches up with its peers.
Some countries have enacted stringent data protection laws as claims of abuse continue to be documented across the globe.
Global companies such as Facebook, among others, have been accused of sharing personal data with third party companies, some of which have used such data for commercial purposes.
There are multiple challenges during registration with the most pertinent being varied value attached to compliance shown by the different sectors.
“Some sectors such as the financial sector that are heavily regulated have a higher inclination of compliance to regulation, however this is not the case with the unregulated ones,” Barikujja notes.
