Kenya: Kenyan Businesses Have Shown Increased Appetite for Data Protection – Kassait

Majority of businesses have shown an increased appetite for the data registration requirements put in place by the law ahead of the July 14 deadline, Data Commissioner Immaculate Kassait has said.

Kassait noted that the businesses have realized that data protection is a key enabler in their work, and are now keen to ensure they are complying with the requirements.

“Data protection is the new oil for businesses locally and globally and most have realized this as the possibility of a breach could affect them with either bad reputation or low revenues so many are ensuring that they are compliant,” she said.

Kassait spoke during the launch of Johan ICT Kenya, a firm that assists firms in data protection compliance.

Johan ICT, Managing Consultant Akin Oyegoke says the UK-based platform will offer integrated audit and compliance implementation services that will guide organizations towards aligning their business processes with the provisions of the Kenya Data Protection Act which was enacted in 2019.

The Data Protection act has given organizations have been given up to 14 July to comply with all the requirements of data protection and compliance.

In order to register, data controllers and processors are required to provide to the Office of the Data Protection Commissioner (ODPC) a range of information including a description of the personal data to be processed.

A description of the purpose for which the personal data is processed must be indicated, the category of data subjects to which the personal data relates and the contact details of the data controller.

Any measures to protect the data subjects from unlawful use of their personal data by the data controller must also be listed in the online registration portal.

In the event of commercialization of data, a data controller who uses personal data for commercial purposes without the consent of the data subject commits an offense.

He or she is liable, on conviction, to a fine not exceeding Sh20,000 or to a term of imprisonment not exceeding six months, or to both fine and imprisonment according to the data protection act.

ICT CS Joe Mucheru who was also at the launch noted that it is important for all firms to comply with the regulations so that in the case of a data breach the culprits will face the law.