Stakeholder’s consultative workshop on developing a compliance pack for MSMEs organized by the Personal Data Protection Office (PDPO)
The Timetable and Setup
The venue of choice was great. Friends have been there before. Weddings, ICT Events and Workshops similar to this one. The ICT event was much broader and had quite a number of breakout rooms. The topics that was featured were myriad as were the speakers. The technology employed at this same was state of the art as were the lovely ladies that served as hosts to guide us to and from the different stations.
Time | Item | Responsible Person/Speaker |
8-9AM | Prayer and National Anthem | Mr. Jordan Magala |
9-9:10AM | Opening Remarks | National Personal Data Protection Director Ms. Stella Alibateese |
9:10-9:30AM | Remarks from FSDU | FSD Uganda |
9:50-10:30AM | Overview of the Data Protection and Privact Act | Manager Compliance and Investigations PDPO Mr. Baker Birikujja |
10:30-10:45AM | Break | All |
10:45-11:15AM | Overview of the development of the compliance assignment | Ms. Teki Akuntteh |
11:15-12:15PM | Breakout Exercise by Participants | All |
12:15-12:25PM | Final Remarks by consultant | Ms. Teki Akunteh |
12:25-12:30PM | Final Remarks by PDPO | National Personal Data Protection Director, Ms. Stella Alibateese |
12:30-1:30PM | Lunch and Departure | All |
Breakfast: Hit or Miss
Eh as for the meal that i was expecting having dashed from the house early and neglected to get something quick, i guess you got me on that one :). The breakfast that was promised was “cancelled”. I really hope the amazing hosts Mestil Hotel and Residences did not fox the sponsors of this event given they probably paid for meals to cover breakfast, lunch and something for the break. Ah maybe i just happened to have entered the wrong room so correct me if i am wrong but we missed BF.
Which reminds me. A few years ago…2011 possibly the first half of the year my colleagues and i had invested heavily in a mental health event at Hotel Africana. When we were done, our outreach lead requested that the meal we had paid for be packed for us but this was promptly declined. Note to Venues…that is a boo boo!
The Data Protection and Privacy Ecosystem
A quick search online reveals that the Data Protection and Privacy Act of 2019 in Uganda aims to safeguard the privacy and security of individuals' personal data. It sets out regulations for the collection, processing, storage, and sharing of personal information to ensure transparency and accountability in handling data. The act also establishes rights for individuals to access, correct, and delete their data, as well as provisions for data breach notifications and penalties for non-compliance.
To have a greater sense of appreciation for the event, one needs to have more knowledge about those who put the event together. Two major groups come up in this regard. PDPO, FSD and ICTAU. The most natural thing to do these days is to visit the socials of your NGO to find out ifthey have a presense.
Data shmata
One of the things that i appreciate now that i could not have understood back then was the importance of data in decision making. After a great class hosted by OutBox Hub and organized by Data Science Nigeria and a list of trainers and experts from Uganda much appreciation has now been gained for data collection, sorting, cleaning, interpretation and representation. Which brings me to the FSD Uganda page. What an Impressive Dataset page! A place where you can request all sorts of useful information and obtain in all in a simple to use format.
Conversation with the PDPO Manager of Compliance and Investigations
Lessons on Youtube from PDPO
Data Life Cycle image is given below.
The discussion about data protection and privacy as seen in a historical book- the bible.
History of Data Protection and Security Law from The Garden of Eden to the present day. Principles of the law
Registration with PDPO and Privacy Compliance Program, Penalties for violating the law and a great example of a case where a company was sued for misuse of an image. Nalubega Vs. Stabex International Ltd. Pump Attendant
The Regulators (Some Profiles from Linkedin or Company Websites).
Teki Akutteh
I am a Senior Partner at Nsiah Akuetteh & Co. a law firm based in Accra, Ghana that specializes in information technology and telecommunication law in Africa. I am also a privacy and data protection consultant and have previously worked for the Government of Ghana in the development of key legislations for the ICT sector including the National Communications Act, 2008 (Act 769), Electronic Communications Act, 2008 (Act 775) Electronic Transactions Act, 2012 (Act 772) and the Data Protection Act, 2012 (Act 843). I was appointed the first Executive Director of the Data Protection Commission to facilitate the implementation of Ghana’s Data Protection Act and successfully set up the institution from a legal instrument to an internationally recognized body. Additionally, I worked in various capacities with regional bodies such as ECOWAS.
Currently, I am the Founder & Executive Director of Africa Digital Rights Hub (an NGO that promotes digital rights issues across Africa); Executive Chairperson for AIM Solutions Ltd. (a business and compliance solutions software development company in Ghana); a member of the UN Global Pulse Privacy Advisory Group, and a member of the UN Special Rapporteur on Privacy (UN SRP) Task Force on Privacy and Medical Data.
Stella Alibateese
I have been a practicing advocate for over 22 years with experience in a number of areas the bulk of which is on policy and regulatory matters in the public sector.
Currently serving as the Director, Regulation and Legal Services, National Information Technology Authority, Uganda (NITA-U) which role enables me to provide in house legal counsel, corporate secretarial services and regulatory oversight in the IT sector.
As part of my regulatory role, am also in charge of developing laws to support the IT sector including laws related to cyber security in Uganda and the enforcement /compliance with the said laws. My recent work was to lead the development of the recently enacted Data Protection and Privacy Act, 2019, Uganda.
At NITA-U, i have led teams in the development of laws, legal instruments /regulations to support the ICT sector with a focus on the development of e Government in Uganda and provided legal input for various ICT sector policies and strategies. I regularly provide training and speak at conferences on matters related to ICT related laws and legal issues in the Information Technology field.
Sarah Yvonne
Sarah is a seasoned banker with over 10 years of senior and organisational leadership experience in the financial services sector. She has a wealth of expertise in organisational governance, banking, business analytics, strategic project planning, and management.
She brings on board over 15 years of financial services experience gained from working for Barclays Bank (now ABSA), and Stanbic Bank, where she held different leadership roles in consumer, small and medium enterprises, and business banking. Most recently, she worked as the Deputy Director in charge of Business Operations at a CDC funded project that focuses on quality management systems.
She holds a Master of Business Administration degree from the University of South Wales Prifysgol De Cymms, ACCA Certificate, and a Bachelor’s Degree in Social Sciences majoring in Economics from Makerere University.
Baker Birikujja
As the Manager Compliance and Investigations at the PDPO, I oversee the enforcement of the Data Protection and Privacy Act, 2019, and the investigation of data breaches and complaints. I also monitor compliance with the Act in both public and private sectors. Additionally, I provide legal and regulatory guidance to stakeholders on data protection and privacy matters. I am a member of international and continental task force committees addressing data protection and emerging technologies at the African Union, East African Community and Africa-Asia AI Policymakers Body.
I am a Fellow of Information Privacy, certified in both European data protection (CIPP/E) and as a Manager (CIPM), with a Bachelor of Laws degree from Uganda Christian University and a Post Graduate Diploma in Legal Practice from Law Development Centre. I have over nine years of experience in data protection and privacy, technology regulatory compliance, digital transformation contracting, and project management.
I am skilled in regulatory compliance, legal advisory, investigations, and data security standards.
Work Plan and activities-conversations with the consultant Ms Teki Akutteh
Notes from consultants who were assigned the task of creating a toolkit that is responsive to the needs of Uganda’s ecosystem.
MSMEs and Fintechs as principle areas of focus.
Why organizations prioritize data protection compliance.
Legal Obligations
Risk Management
Consumer Expectations
Reputation and Trust
Ethical and Corporate Social Responsibility
Market Access and Business Opportunities
Findings So Far
Broad MSME and Fintechs (payment, insurance, services, marketing, logistics, tourism)
Compliance, Regulation, Lack of Knowledge regarding compliance, Cost of Compliance, Multiple Platforms and Regulators e.g BOU, URA, UCC, Lack of Training on Capacity, PDPO resource challenges, Information Sharing around Third Parties, Consent Issues.
UIA Uganda Investment Authority 30k businesses plus but only 30 plus registered
DPO Data Protection Officer (few only managing small number of staff).
Regulation in Uganda a list with functions (From a question i asked AI tool on Opera Aria).
Certainly! Here is a list of regulatory agencies in Uganda along with brief descriptions of their functions:
1. **Bank of Uganda (BoU)**
- **Functions:** The central bank of Uganda, responsible for monetary policy, issuing currency, regulating financial institutions, and ensuring financial stability.
2. **Uganda Communications Commission (UCC)**
- **Functions:** Regulates the communications sector, including telecommunications, broadcasting, and postal services. Ensures compliance with regulations, promotes competition, and protects consumer interests.
3. **National Environment Management Authority (NEMA)**
- **Functions:** Oversees environmental management and protection. Implements environmental policies, laws, and standards. Conducts environmental impact assessments and audits.
4. **Uganda Revenue Authority (URA)**
- **Functions:** Administers tax laws and collects revenue on behalf of the government. Ensures compliance with tax regulations and combats tax evasion.
5. **Electricity Regulatory Authority (ERA)**
- **Functions:** Regulates the electricity sector. Sets tariffs, licenses operators, monitors performance, and ensures the provision of reliable and affordable electricity.
6. **Uganda National Bureau of Standards (UNBS)**
- **Functions:** Formulates and enforces standards to ensure the quality and safety of products. Conducts inspections, testing, and certification of products and services.
7. **Uganda Investment Authority (UIA)**
- **Functions:** Promotes and facilitates investment in Uganda. Provides investment advice, information, and support to investors. Works to improve the investment climate.
8. **Capital Markets Authority (CMA)**
- **Functions:** Regulates and promotes the development of the capital markets. Licenses market participants, ensures compliance, and protects investors.
9. **Insurance Regulatory Authority of Uganda (IRA)**
- **Functions:** Regulates the insurance industry. Licenses insurers, brokers, and agents. Ensures compliance with insurance laws and protects policyholders.
10. **National Drug Authority (NDA)**
- **Functions:** Regulates the manufacture, importation, and distribution of pharmaceuticals. Ensures the safety, efficacy, and quality of drugs and medical products.
11. **Public Procurement and Disposal of Public Assets Authority (PPDA)**
- **Functions:** Regulates public procurement and disposal processes. Ensures transparency, accountability, and value for money in public sector procurement.
12. **Uganda Wildlife Authority (UWA)**
- **Functions:** Manages and conserves wildlife and protected areas. Promotes tourism and wildlife conservation. Enforces wildlife protection laws.
13. **National Information Technology Authority Uganda (NITA-U)**
- **Functions:** Regulates and promotes information technology development and usage. Implements IT policies, standards, and guidelines. Oversees e-government initiatives.
14. **Uganda Coffee Development Authority (UCDA)**
- **Functions:** Regulates and promotes the coffee industry. Ensures quality control, supports coffee production and marketing, and promotes Ugandan coffee internationally.
15. **Petroleum Authority of Uganda (PAU)**
- **Functions:** Regulates the petroleum industry. Oversees exploration, development, and production of petroleum resources. Ensures compliance with laws and environmental standards.
These agencies play crucial roles in their respective sectors, ensuring compliance with regulations, promoting development, and protecting public and consumer interests in Uganda.
Comments
Post a Comment