To enable improved data-driven decision-making through access to shared government data, the Government of Rwanda (GoR) has approved a National Data Sharing Policy (“the policy”)

Proposed by the Rwandan Ministry of ICT and Innovation (MINICT), and drafted through the Rwanda Economy Digitalisation programme, the policy could be a gamechanger in evidence-informed policymaking in the country.

Key policy objectives include:

• Ensuring that data is shared in a protected and responsible manner among agencies of the Government of Rwanda to enhance decision making, facilitate collaboration and provide the basis for fulfilling national policy objectives for the benefit of citizens of Rwanda.
• Providing a standardised approach to facilitate data sharing and free flow of information, while ensuring that data privacy and security are maintained.
• Ensuring compliance with Rwanda’s Data Protection and Privacy Law (the ‘DPPL’).

The Policy annexes include:

1. (a) Draft Terms of Reference for Data Governance Unit
   (b) Draft Terms of Reference for Data Sharing – Technical Subcommittee
2. Data Sharing Application Form
3. Data Sharing Agreement
4. High-Level Data Sharing Process Overview
5. The Five Safes Data Sharing Framework
6. Responsibilities of Government Entities Participating in Data Sharing
7. Data Sharing Technology Platform

How will the policy be implemented?

The implementation of the policy will be overseen by MINICT, which will provide strategic direction and overall coordination. Execution responsibilities are shared between National Institute of Statistics Rwanda (NISR) and the Rwanda Information Society Authority (RISA).

NISR will lead the data governance components through a soon-to-be-established Data Governance Unit, which will spearhead the adoption of national data governance frameworks and the integration of unified national identifiers. While RISA is entrusted with technological components, including the development and maintenance of the Data Sharing Platform to facilitate secure and efficient data exchange across institutions.

Both NISR and RISA will work collaboratively to ensure that the national data governance frameworks are effectively implemented and integrated through the Data Sharing Platform, enabling the secure, efficient, and seamless data exchange across government institutions.

What does this mean for participating institutions?

The policy places obligations on data Requestors and Providers. Firstly, it requires that organisations are held accountable for sharing data that is governed and of good quality. Adherence to a governance framework is required. This implies that entities must already be governing their data – the policy stresses reliance on data governance and proposes establishment of a national data governance framework. Annex 6 of the policy provides details on these requirements.

Further considerations are:

• Each entity must nominate personnel who can approve data sharing requests or sign off data sharing agreements.
• Requests for access to shared data will require advance due diligence and governance, as noted above. This is embedded into the request process.
• Personal data sharing will require strict compliance with the DPPL, including legal justifications and signed agreements.

Responsibilities of the Data Governance Unit

The policy places an onus on NISR’s Data Governance Unit to put in place national data governance frameworks to facilitate proper data sharing within government institutions through:

• Adoption of national data standards. For example, any national identifiers shared must conform to a standard pattern, dates of birth or other dates may be required to conform to specific patterns or data types, and certain codes, such as country codes, may need to conform to a national or international standard (such as ISO). In these cases, the ability to measure quality will enhance the value of shared data and ensure that organisations are aware of data quality issues and the need to address these before sharing data.
• Adoption of data classification guidelines to support organisations in categorising their data based on its sensitivity, importance, or intended use, to ensures that data is handled appropriately throughout its lifecycle from creation and storage to sharing and disposal.
• Adoption of meta data management to support organisations in maintaining accurate descriptions of data sources, formats, ownership, collection methods, update frequencies, and usage rights. For example, in a data-sharing platform, metadata ensures that users understand the context, quality, and reliability of the dataset before using it.
• Adoption of data retention and disposal policies to determine how long data should be stored and when it should be securely deleted in compliance with legal, regulatory, and institutional requirements, while minimising risks associated with storing obsolete data. For example, sensitive information may be retained only for the period necessary to fulfil its original purpose and must be anonymized or destroyed once that period expires.

Proposed Technical Subcommittee (TSC)

The Technical Subcommittee (TSC), comprising members appointed by the Data Governance Unit (DGU), will serve as an advisory and technical body to the DGU. It will ensure compliance with technical requirements, provide guidance on the development of key components that will accelerate the implementation of data-sharing activities.

Final thoughts

The National Data Sharing Policy is seen as a major step forward in enhancing the capabilities of government institutions for data-driven decision making. The policy will also facilitate access to open data for researchers, innovators, and the public, ultimately contributing to the growth of the Rwandan economy.

As the policy emphasises, “The implementation of this new policy will promote efficiency and the optimal use of data assets, paving the way for advanced analytics to enhance decision-making and unlock new opportunities. This will lead to increased investment, spur economic development and entrench Rwanda’s goals of being the innovation hub of Africa insofar as the use of data is concerned.”

For more information on the Data Governance Unit and the implementation of the policy, contact Maryse at maryse.gwiza@statistics.gov.rw.