Making a data-subject request in Uganda: checklist
In brief
The Data Protection and Privacy Act gives you rights over your personal data. This checklist helps you exercise them.
Who it's for & when to use it
Who it's for: Individuals whose personal data is held by an organisation.
When to use it: When you want to access or correct your data, or complain.
When not to use it: For purely commercial disputes unrelated to personal data.
The checklist
1. Make the request
- Write to the organisation (data controller) asking for access to or correction of your personal data.
- Identify yourself and describe the data clearly.
2. Keep a record
- Keep a copy of your request and note the date, so you can show it went unanswered if it does.
3. Escalate to the regulator
- If unanswered or refused, complain to the Personal Data Protection Office (PDPO).
4. Pursue remedies
- The PDPO can investigate; remedies for breach are available under the Act.
Key authorities
- Data Protection and Privacy Act, Cap. 97 (2023 Revision).
Checklist · Data & consumer.
Actively maintained.
Last reviewed 9 June 2026; next review due 9 June 2027.
This resource is a practitioner orientation and general information, not legal advice, and does not create an advocate–client relationship. It is AI-generated. Ugandan law changes and chapter and section numbers were revised in the 2023 Laws of Uganda. Verify every statute, rule, form, fee and authority against the current primary source — and the specific facts of your matter — before relying on it.