Search Results

Monitor the application's performance. Check the speed, friction in usage and load times for the application and make improvements as required so ensure a smooth user experience.

This guideline shall come into force on the date of its signature by the Chief Executive Officer of RISA.

With increased digitization of Government processes and services, significant amounts of data are captured and generated including personal data. The protection of personal data is both an ethical and legal obligation as defined by Rwanda's law on protection o...

This Privacy by Design (PbD) guideline document outlines a framework to embed privacy considerations throughout all aspects of software development and data management. It applies to all Government institutions in Rwanda as well as their contractors and servic...

Privacy by Design is about creating a consistent framework and approach for proactively embedding privacy into the design and operation of IT systems, applications, and business practices by default. Privacy by Design, importantly, isn’t just about securing da...

Taking a privacy by design approach is an essential tool in minimizing privacy risks and building trust. Designing software with privacy in mind at the outset can lead to benefits that include: Build user trust: Privacy by design helps to build trust with u...

The Privacy by Design approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy-invasive events before they happen. Privacy by Design does not wait for privacy risks to materialize, nor does it offer remedies for...

Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy remains intact. No action is required on the p...

Privacy by Design is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy ...

Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such a...

Privacy by Design, having been embedded into the system before the first element of information being collected, extends securely throughout the entire lifecycle of the data involved — strong security measures are essential to privacy, from start to finish. Th...

Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visib...

Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric!The best Priva...

Define privacy requirements [Mandatory] - Identify and document privacy requirements based on best practices, applicable laws and regulations. For example, Rwanda’s law on data protection and privacy requires institutions to implement appropriate technical a...

Privacy design principles [Mandatory] - Apply privacy principles such as data minimization, purpose limitation, and user consent by design. Privacy enhancing technology [Recommended] - Implement privacy-enhancing technologies (PETs) such as encryption, anon...

Secure coding [Mandatory]  - Follow secure coding practices to prevent common vulnerabilities such as injection attacks, cross-site scripting (XSS), and insecure authentication. Refer to RISA’s software security guidelines for more details Code reviews  [Ma...

Privacy testing [Mandatory] - Include privacy testing as part of the software testing process, focusing on scenarios related to data protection, consent management and user privacy preferences. Penetration testing and vulnerability assessment [Mandatory] - ...

Data protection safeguards [Mandatory] - Implement appropriate safeguards to protect personal data during transit and storage, such as encryption and secure communication protocols. Privacy notices [Mandatory] - Provide users with clear and accessible priva...

Privacy policies [Mandatory] - Regularly review and update privacy policies and procedures to reflect changes in the regulatory landscape and evolving privacy risks. Monitoring [Mandatory] - Monitor the software for security vulnerabilities and privacy inci...

Data Disposal [Mandatory] - Ensure that all personal data stored by the software is securely deleted or anonymized according to applicable laws and regulations. This includes data stored in databases, logs, backups, and any other storage mechanisms used by t...