The Personal Data Protection Office (PDPO), Uganda’s data protection authority, has published its report assessing the training needs of data protection officers (DPOs).
The report states that the PDPO conducted an evaluation survey of the 510 Data Protection Officers appointed by registered entities as of 13 October 2022, in order to establish the gaps in the skills required by DPOs to carry out compliance-related tasks. Specifically, the assessment aimed, among other things, to identify the level of involvement of DPOs in the governance of data protection and privacy activities, and to determine whether DPOs were developing and implementing data protection and privacy awareness programmes under the Data Protection and Privacy Act 2019.
For example, the report highlights that almost all of the DPOs assessed had no data protection certification, that most had limited knowledge of how to develop and implement a privacy management programme, and that the majority had not been involved in conducting data protection impact assessments.
In light of the above, the PDPO encouraged DPOs to pursue training and certification, and recommended that they focus on the following areas:
Finally, the report adds that the PDPO should implement and publish guidance notes on the appointment of a DPO, highlighting the skills needed to fulfil the role, and on mechanisms for cross-border data transfers.