The Office of the Data Protection Commissioner (ODPC) has conducted an awareness creation outreach program in Kiambu County to educate stakeholders on the provision of data protection laws, to enhance their capacity to comply.
The data protection awareness program was attended by data controllers and data processors from government agencies, private sectors and Non-Governmental Organizations and included discussions and presentations to encourage their registration obligation.
It has been just over four years since the Kenyan Data Protection Act 2019 (“DPA”) was enacted, which pave way to the office of ODPC that has been mandated to regulate the processing of personal data and to protect the privacy of individuals.
According to ODPC Head of Research and Strategy, Augustus Munyoki, who led the team, the Constitution of Kenya 2010 guarantees every citizen, the right to privacy, as a fundamental right
“I urge all data controllers and processors to get registered in compliance with the regulations which seek to protect the right of individuals and facilitate the realization of a thriving digital economy which relies on data for innovation and growth,” said Munyoki.
He added that all entities handling the personal information of individuals residing in Kenya, are required to register as Data Controllers or Processors, to actualize the provisions of the Data Protection Act, 2019.
“Data protection is the responsibility of every data controller and processor and it must be the Company’s top priority as long as they collect, process or store personal information to avoid penalties,” noted Munyoki
Kiambu County Commissioner (CC), Joshua Nkanatha, who opened the one-day workshop, stressed the need for all data controllers and data processors, to register with the ODPC as it will encourage a smooth transition to a digital economy
“The Digital Superhighway and Creative Economy are a key Agenda of President Ruto’s Administration over 500 government services have already been digitized, therefore, it is vital to ensure safeguards that will protect the processing of personal data,” Nkanatha stated.
The CC further added that the Government has a responsibility to provide services to the citizens, hence, it is the biggest collector of personal data for better service delivery
“This personal data collected by the government include National ID, passport, Birth Certificate, KRA pin, Driving License, NHIF and NSSF, which carry a lot of personal information hence the need for Data Protection Act,” added Nkanatha.
The entities exempted from the mandatory registration under the registration regulations are those whose annual revenue is below Sh5 million and has less than 10 employees.
According to the section 63 of the protection Act 2019 the maximum penalty that may be imposed by the commissioner in a notice is up to Sh5 million or in the case of undertaking, up to one per cent of the companies turn over for the preceding financial year.
By Grace Naishoo