On 7 October 2022, the National Bureau for Non-Governmental Organisations (NGO Bureau) released a circular requiring non-governmental organisations (NGOs) to register with the Personal Data Protection Office (PDPO) at the National Information Technology Authority (NITA-U) by 31 October 2022.

The PDPO was created under the Data Protection and Privacy Act 2019. It is tasked with overseeing the implementation and enforcement of the Data Protection Act, and promoting, protecting and observing the privacy of a person and of personal data.

Registration with the PDPO is an obligation pursuant to section 29 of the Data Protection and Privacy Act 2019 and the 2021 Regulations, and registration by the relevant entities has been ongoing since 2021.

The process entails an application for registration where entities such as data collectors, processors or controllers provide information on the following:

  • the nature and category of personal data collected or processed;
  • details of the data protection officer;
  • data transfers outside of Uganda; and
  • measures taken by the entity to secure personal data.