Data is an essential aspect of digital transformation. For public and private institutions to develop solutions and provide services that improve people’s quality of life, it is inevitable for them to collect personal data. However, the increasing data security breaches present a significant challenge for organizations and governmental institutions to protect personal data.  This has also increasingly become a concern for individuals providing their personal data to the government and individuals. To protect citizens’ privacy and personal data, the Government of Uganda enacted the Data Protection and Privacy Act into law in 2019. The law regulates the collection and processing of personal information. The law also provides for the rights of the person whose data is collected and processed and the obligations of data controllers and data processors to regulate the use of that data.  To ensure the successful implementation of this regulation, the National Information Technology Authority of Uganda (NITA-U) has established a Data Protection Office. To support the operationalization of this Data Protection Act 2019 and the operations of the Data Protection Office, the United Nations Capital Development Fund is collaborating with NITA-U to develop a platform that will make it easy and convenient to identify personal data breaches and misuse of data. The data protection portal will provide a quick, convenient and easy access channel to report issues related to data protection and seek redress. The service will include SMS/USSD functionality for access and usage by ordinary citizens. The incredible power of digitalization in improving people’s lives and livelihoods, creating quality jobs, and fostering greater inclusion is undisputable. However, digital economies are not inherently inclusive. Without deliberate digital inclusion strategies, digitalization can exacerbate already existing inequalities, fuel tensions, and alter the course of entire societies. The UNCDF strategy, ‘Leaving no-one behind in the digital era’, aims to empower millions of people to use services daily that leverage innovation and technology and contribute to the SDGs. UNCDF focuses on accelerating the development of digital economies at the country level with the government, the private sector, and academia, with specific attention given to developing the right services to reduce the digital divide and empower key customer segments. UNCDF is driving universal access to secure, affordable, and trusted digital systems, a key prerequisite for the growth of a digital economy.  UNCDF recognizes that people’s trust in digital technology will increase their use of the internet and thus contribute to SDG 1 of No Poverty and SDG 8 of Economic Growth.  Consequently, UNCDF is collaborating with NITA-U to develop a data protection portal to achieve the following objectives

Offer electronic seamless registration for data collectors, data processors and data controllersGive a platform for data subjects to easily file a complaint with the Personal Data Protection OfficeAct as a platform to promote knowledge about personal data protection and privacy best practices, guidelines, and tipsProvide a central point for reporting, processing and resolving data privacy complaints and breaches in real-timeImprove accountability for data controllers and processors responsible Improve compliance with the Data Protection and Privacy Act (2019) Provide a one-stop centre for information and guidance related to the Data Protection and Privacy LawPromote awareness of data subjects’ rights amongst the citizens

The increased digitalization of services and the need to work remotely presents numerous challenges for organizations and consequently the need to be more vigilant towards personal data protection. These include data theft, data extortion, data alteration, and destruction among other threats. Most of this data will include large volumes of personal data because most services require valid identification and therefore must collect one’s particulars before they can provide the appropriate service. Before and after they collect that personal data, it is incumbent upon the organizations to comply with the Data Protection and Privacy Act 2019 and other relevant laws. In conclusion, I would like to pose a question. Are you scared of handing over your personal data to companies offering you services? Do you know your rights as a data subject? Let us know via Twitter @Dignited.