Data Protection Act Kenya
Frequently Asked Questions (Quick FAQ’s) on data protection act 2019.
How well-acquainted are you with the Data Protection Act 2019 in Kenya? An Act of Parliament gave effect to Article 31(c) and (d) of the Constitution; to establish the Office of the Data Protection Commissioner; to make provision for the regulation of the processing of personal data; to provide for the rights of data subjects and obligations of data controllers and processors; and for connected purposes
Explore our #MeaningfulMonday #MondayNuggets with a quick FAQ session:
The Data Protection act Kenya – Date of Assent: 8th November, 2019.
Date of Commencement: 25th November, 2019
The Data Protection Act Kenya Established the Office of the Data Protection Commissioner commonly known as the ODPC Kenya) whose HQ is at Britam Tower, 12th & 13th Floor. Hospital Road, Upper Hill – Nairobi
Data protection commissioner is Ms. Immaculate Kassait MBS, she is the current and Kenya’s first Data Commissioner. She was sworn in On 16th November 2020.
You’re a controller if you determine the purpose and manner in which personal data is processed. You’re a processor if you process personal data on behalf of a data controller and you’re subject to their authority e.g. a payroll service provider.
The fees payable are between Kshs. 4,000/- to Kshs. 40,000/- with a renewal fee between Kshs. 2000/- and Kshs. 25,000/- after every 2 years.
To break it down further –
1. Micro and small private organization’s (less than 50 employees and annual of less than Kshs 5 million) Registration fee – Kshs 4,000 and renewal fee Kshs 2,000 after 2 years.
2. Medium-sized private organizations (51 – 99 employees and annual turnover of more than 5 million but less than 50 million)- Registration fee – Kshs 16,000 and renewal fee Kshs 9,000 after 2 years.
3. Large private organizations (more than 99 employees and an annual turnover of more than Ksh 50 million) – Registration fee – Kshs 40,000 and renewal fee Kshs 25,000 after 2 years.
4. Public entities – Registration fee – Kshs 4,000 and renewal fee Kshs 2,000 after 2 years.
5. Charitable and religious entities – Registration fee – Kshs 4,000 and renewal fee Kshs 2,000 after 2 years.
The Data Protection Act mandates that data controllers, must report any data breaches to the ODPC within 72 hours of becoming aware of the incident
How can we help ?
We have been in the frontline working with different organizations in Africa on their Data Protection and Privacy compliance journey including Safaricom PLC , Siginon Group, KWFT an many more. Here are a number of things we can help you with:
- Data Protection Act Awareness Staff Training
- Gap Assessment’s to determine whether you are a Data Controller, Data Processor or both.
- Carry out Data Protection Impact Assessments and Data Protection Audits
- Registration with the office of the data protection commissioner – the ODPC.
- Data Protection Consultancy Services
- Data Protection Implementation Roadmap
- ISO 27701 Privacy Management Systems Standard implementation
- Join our Upcoming Certified Data Protection Officer Trainings, become a CDPO!
No comments yet