1 privacy and data protection regulation that apply in Rwanda
Rwanda's GDPR-style data protection law features extraterritorial reach and global turnover-based penalties enforced by the NCSA. It requires clear and unambiguous consent before data collection and imposes strict data localization requiring storage within Rwanda unless an NCSA certificate is obtained. A 48-hour breach notification window is faster than GDPR's 72-hour standard.
