Validation Workshop on the Draft Data Protection Guidelines and Regulations
We were honored to participate in the Validation Workshop on the Draft Data Protection Guidelines and Regulations, held on 1stโ2nd April 2026 convened by the Personal Data Protection Office, Uganda (PDPO) under National Information Technology Authority-Uganda, with AF Mpanga Advocates as the consultant. It forms part of ongoing efforts to operationalize the Data Protection and Privacy Act and the Data Protection and Privacy Regulations & Guidelines.
This two-day engagement brought together regulators, industry players and key stakeholders to review and validate draft guidelines and frameworks aimed at supporting data controllers, data processors, data collectors and data subjects.
Key focus areas under discussion included data security breach notification, data protection by design & default, Data Protection Impact Assessments (DPIAs), Alternative Dispute Resolution mechanisms, grounds for processing personal data, exemptions from registration, information security standards, Designation of Data Protection Officers (DPOs) and strengthened collaboration frameworks.
The discussions emphasized the importance of practical, clear and sector-responsive guidelines that not only ensure compliance but also promote accountability and safeguard personal data in an increasingly digital economy.
As CRBA, we are committed to supporting frameworks that enhance responsible data sharing, consumer protection and regulatory alignment across the financial sector. Engagements such as this are critical in shaping a data protection ecosystem that is both robust and enabling.
We appreciate the conveners and all stakeholders for their valuable insights and contributions toward advancing data privacy in Uganda.
DataProtection DataPrivacyUG PersonalDataIsPrivate Compliance CRBA Uganda Governance DataSecurity