Rwanda’s chamber of deputies has passed the Personal Data Protection and Privacy Bill.

The draft legislation now goes to committee stage for scrutiny before a further vote.

The bill’s intention is to safeguard the “fundamental right to privacy” by regulating the processing of personal data, providing individuals with rights over their data, and setting up systems of accountability and clear obligations for those who control or process personal data.

The bill’s introduction reads: “Increasingly, everything we do generates data, whether we are in possession of a device or not. Our devices, networks, and even homes generate vast amounts of data. Our transport systems, cars, payment systems, and cities also generate data through us and about us.”

The legislation covers the grounds for collecting and processing personal data; the safeguards required; the general rules applicable for collection and processing of personal data; the rights of data subjects; and sanctions for failure to comply with the law.

As proposed, individuals face up to five years in jail and fines up to 10m Rwandan francs ($9,900, €8,250), depending on the breach. Companies could be fined as much 5% of their turnover. Equipment and the proceeds from the offence may also be confiscated.

Register to receive the latest data protection and privacy news and analysis straight to your inbox