What are the rights of data protection?

The Data Protection Act of Kenya is a legislation enacted in 2019 aimed at safeguarding data privacy, closely resembling the EU’s GDPR (General Data Protection Regulation). It aims to uphold the privacy rights of data subjects within Kenya, ensuring responsible handling of user data by companies and organizations referred to as Data Controllers and/or Data Processors. Consent stands as a pivotal requirement under the Data Protection Act of Kenya, emphasizing the importance of user consent in data processing activities.

Kenya’s Data Protection Act grants various rights to data subjects, drawing inspiration from the EU’s GDPR.

These rights encompass:

1. Right to be Informed: Data subjects have the right to be informed about the collection of their personal data, including details such as the purpose of collection and any sharing with third parties.

2. Right to Access: In alignment with the EU’s GDPR, data subjects can access the data collected about them, enhancing transparency and control.

3. Right to Erasure: This right applies under specific circumstances, allowing data subjects to request the deletion of outdated, incomplete, inaccurate, or unlawfully obtained data.

4. Right to Opt-Out: Data subjects possess the right to opt out of data collection, mirroring the provision in the EU’s GDPR.

6. Right to Data Portability: Data subjects have the right to receive their data in a structured, machine-readable format. They can also transfer this data to another controller or processor or request a transfer where feasible.

7. Right not to be Subject to Automated Decision-making: Data subjects reserve the right not to be subjected to automated decision-making, including profiling, which may have legal effects or significantly impact them. This protection is in line with the GDPR’s provisions.