The Government of Rwanda has made significant strides in protecting personal data with the gazetting of Law No. 058/2021 of 13/10/2022, concerning the protection of personal data and privacy (DPP Law). This new legislation establishes a comprehensive framework for data protection, setting clear guidelines for the collection, processing, storage, and sharing of personal information. As Rwanda’s first law dedicated to data protection, the DPP Law outlines the responsibilities of organizations in handling personal data and establishes the rights of individuals to privacy and data protection.

In response to this legislative milestone, the Rwanda Information Society Authority (RISA), in collaboration with the National Cyber Security Authority (NCSA) and the Ministry of Health, has launched a nationwide awareness campaign aimed at educating key stakeholders on the requirements and implications of the DPP Law and cybersecurity measures within the health sector.

The campaign, running from June 3rd to August 24th, is particularly focused on health sector institutions  with the following purposes: To inform stakeholders about the provisions of the law, including the rights of individuals and the obligations of organizations, to engage the Ministry of Health and all health establishments on how to address specific challenges related to data protection in the health sector, to support institutions by providing guidance to facilitate compliance with the new regulatory framework and to enhance cybersecurity measures across  health sector.

Given the sensitive nature of health-related data, Hospitals, clinics, and other health institutions were prioritized to equip staff with the knowledge and tools necessary to comply with the DPP Law and cybersecurity. The campaign covers Provincial Hospitals, Referral Hospitals, and Teaching Hospitals throughout the country, ensuring that staff at both urban and rural health centers are included.

By the end of the campaign on August 24th, RISA expects that institutions within the Ministry of Health will be well-prepared to meet the law's requirements and able to discover possible cybersecurity issues.

Compliance with the DPP Law is crucial not only for legal adherence but also for fostering trust in Rwanda’s digital ecosystem. The law empowers individuals with greater control over their personal data and requires organizations to implement robust data protection measures. This campaign emphasizes the importance of accountability and transparency, encouraging institutions to adopt best practices in data management.