The Bank of Uganda has emphasised the importance of data privacy compliance for financial institutions, warning that failure to adhere to regulations can result in significant penalties and loss of customer trust.

According to Ms Sophia Kironde Iwumbwe, Head of Onsite Inspection Division at the Bank of Uganda, data privacy is a critical aspect of financial institution operations.

"If you fail on that front, you definitely lose customers' trust. That's why, as part of our reviews, one of the things we monitor is compliance with all data privacy legislations," Ms Iwumbwe said during the Data Privacy Thought Leadership Workshop for financial institutions and stakeholders.

She noted that financial institutions are expected to formulate risk management programs that clearly articulate how they manage data privacy and confidentiality.

"We've seen cases where failure to get that right results in very hefty penalties. No institution wants that. Shareholders expect institutions to generate value, not lose it," she said.

The Bank of Uganda has issued cybersecurity guidelines that will take effect at the end of this year, and Ms. Iwumbwe emphasized that financial institutions should view compliance as a strategic imperative rather than a burden.

"Compliance is not a burden. It's not a regulatory burden — it's a matter of strategic positioning," she said.

Absa Bank Uganda Managing Director, Davin Arthur Wander, echoed Ms Iwumbwe's sentiments, stating that customer trust is critical to the financial sector. "Customer trust in the financial sector is very critical and it should be maintained by the financial institutions," he said.

Ms Iwumbwe added that institutions that prioritize compliance reap significant benefits.

"Institutions that have taken this seriously — as shown in the case studies we discussed earlier — are reaping big benefits. But yes, compliance is expensive," she stressed.



