Cyber Security, Privacy & Data Protection

CM Advocates LLP - Uganda > Practice Areas > Cyber Security, Privacy & Data Protection

The Data Protection Act, which was enacted on 3^rd May 2019, applies to data controllers and processors established or resident in or outside Uganda in so far as they process personal data while in Uganda or of data subjects located in Uganda. This law was enacted in accordance with the requirements of Article 27 of the Constitution of Uganda. Therefore, data protection and privacy have a constitutional underpinning.

At CM Advocates Uganda, our practice in cybersecurity, privacy and data protection focuses on internet sectors, e-Commerce and intellectual property, regulated industries (like telecom, financial, pharmaceutical, advertisement and gaming sectors) as well as public entities. We have expertise on contentious matters like data protection law-related claims of the individuals affected (such as employees’ information claims) and data breaches as well as non-contentious matters including data protection contracts, cybersecurity and data management advisory, data protection audits and compliance projects. In addition to assisting clients in their response to regulator investigations, we advise on class action lawsuits and other claims that arise out of privacy violations and security breaches. In collaboration with our other teams, we also counsel clients on crosscutting issues including on labour and employment, consumer protection, competition law and product-based liability.

We can advise our clients at each stage of the data lifecycle. At the first stage, we help our clients assess and reduce their privacy and security risks and comply with applicable laws. When developing new products and services or during marketing stage, we assist clients by advising on privacy and security at the outset to maximize the effectiveness of their offerings and avoid legal and regulatory pitfalls. We advise clients on complex issues associated with both personal and sensitive business data, including its collection, use, storage, disclosure, transfer and destruction. We guide and advise clients on legal compliance and business strategy relating to privacy and security risk.

Our areas of work include:

Strategic regulatory compliance advice;
Vendor management program development and implementation; management, cybersecurity and technology transactions.
Cybersecurity and privacy contract development and negotiation;
Data protection programs development;
Data protection, privacy and cybersecurity audits, compliance risk assessment and remediation;
Cyber risk management and incident response;
Privacy policies for organizations and their websites and mobile privacy issues;
M&A and technology transactions;
Data security, privacy and technology regulatory response and litigation;
Regulatory investigations by sector-specific regulators;
Cross-border data flow requirements and solutions.

1. Advisory and Compliance

Our team advises a diverse client base that includes large listed companies and privately held companies on diverse consumer protection issues as well as competition and antitrust issues. We regularly advise board members and senior management on strategic business and policy issues as well as providing competition law, consumer law and regulatory advice to legal teams on transactions.

We have practical experience dealing with issues affecting manufacturing concerns, trade associations, telecommunication and media companies as well as utilities companies.

Our work includes offering compliance advisory on matters related to unconscionable conduct matters, consumer protection requirements, distribution arrangements, licensing agreements, agency business reviews, merger analysis, litigation risk assessment as well as interface between intellectual property, competition and antitrust laws.

2. Market Conduct Counseling

Besides mergers, competition and antitrust laws also regulate the ordinary-course; day-to-day operations of all legitimate businesses, covering, inter alia, distribution, pricing, information exchanges, and trade association activities. In this regard, businesses need to know the “do’s and don’ts” in their engagement or joint activities with competitors. These also need to watch out for unilateral business decisions that may infringe on the competition and antitrust laws. Our team regularly advises businesses on all aspects of competition and antitrust compliance including:

Offering legal opinions on consumer protection, competition and antitrust laws compliance matters;
Creating antitrust compliance programs for businesses, including competition and antitrust laws training for employees, especially those in sales and trading preparation or review of competition policy;
Trade-association membership and activities;
Intellectual property settlements and disputes, including licensing agreements;
Distribution questions;
Exchange of information amongst undertakings;
Exclusive dealing or territories;
Tying arrangements;
Loyalty discounts and other discount models;
Resale Price Maintenance (“RPM”);
Joint buying and selling

Antitrust law affects both large and small companies, and it is important to obtain accurate competition and antitrust counseling to protect your business.

Many interactions with competitors (even innocent ones) have the potential to be mischaracterized as possible antitrust violations. For example, merely following “accepted industry standards,” or engaging in trade association activities, are two areas that can—and have—created problems for businesses of all sizes, unless they followed antitrust safeguards.

Even unilateral actions (like some individual pricing decisions, including price discrimination, individual “Resale Price Maintenance” programs, or individual discounting claims) can expose a company to liability from antitrust agencies or private plaintiffs.

We offer counseling and guidance to help our clients navigate antitrust icebergs that could affect their business. We regularly develop antitrust compliance programs for companies, joint ventures (including joint buying and marketing ventures), and trade associations.

3. Merger and Joint Venture Counseling and Filings

Our main practice in merger counseling involves individuals and companies that simply make passive equity investments or exercise options in other companies in Uganda or regionally.

Such Merger and Acquisition filings are normally based on the combined holdings that a buyer will have in the target after the proposed transaction. This includes what is about to be purchased, combined with all existing holdings in the same target company. Invariably, the existing holdings are measured not only by the existing shareholding of a specific buyer, but by the collective holdings of the entire control group to which the buyer belongs.

We recommend that companies and executives involved in investments establish a competition/antitrust compliance policy for purposes of ensuring compliance

The second area of our merger and joint venture advisory and counselling involve collaboration or joint venture between undertakings. Increasingly, in the modern competitive environment, more companies collaborate with others, including, sometimes, their competitors, in an effort to become more efficient and reduce costs. The ultimate form of collaboration is a full-scale merger. Nevertheless, many companies choose limited collaborations in the form of joint ventures. Both activities are legal but might also trigger competition and antitrust issues.

The competition and antitrust laws questions in mergers or joint ventures are whether the collaborations will create or enhance market power, affect prices, reduce output, or lower innovation. Merely the sharing of sensitive information at the wrong time could create competition and antitrust problems. Our lawyers have experience with hundreds of mergers ranging from small local mergers to regional or global transactions and always strive to give each matters the proper level of analysis and attention and guide and advise the client as appropriate.

Depending on its complexity, a merger or joint venture review could have few or many components, including:

advising on information-sharing limits in due diligence;
where necessary, conducting investigations into the target’s competition and antitrust problems that may be revealed in due diligence;
analyzing the competitive effect of the proposed merger or joint venture;
devising, where necessary, possible remedies including structural (divestitures) and behavioral (consent agreements) to ensure clearance (or, to avoid later competition and antitrust problems if no clearance is required);
considering the transaction’s vertical as well as horizontal impacts;
designing transition and integration-planning activities.

4. Market/Sector Investigations and Competition Litigation

Our team has wide experience dealing with contentious matters such as investigations, enforcement proceedings and litigation by authorities including Uganda Bureau of Standards, competition litigation and appeals before the High Court and Competition Appeal Tribunal as well as alternative dispute resolution and judicial review proceedings. Our experience includes helping clients negotiate for settlement under the Competition Authority’s leniency program, representing parties in civil damages proceedings as well as in criminal investigations under the Competition Act as well as other product liability and consumer protection legislation.

Where are you visiting from?

1. Advisory and Compliance

2. Market Conduct Counseling

3. Merger and Joint Venture Counseling and Filings

4. Market/Sector Investigations and Competition Litigation

Business Unit Head

Bridget NAMBOOZE

Managing Partner

Other Services

Protection of Shareholders Under Uganda’s Companies Act Of 2012

What We Missed Out in the Bank of Uganda and Sudhir Ruparelia Saga

Court Stays Execution of Ham vs DTB Judgment

Are There More Than One Ways to Solve PPDA Related Disputes?

Contingency Strategies to Mitigate the Risks of An Industrial Action