By 
The Office of the Data Protection Commissioner (ODPC) has imposed fines totaling KSh 9.4 million on three companies for breaches of personal data.
Mulla Pride Ltd., a digital credit provider (DCP) operating KeCredit and Faircash mobile lending apps, has received a penalty of KSh 2.98 million for sharing complainants’ contact information and names with third parties, resulting in threatening messages and phone calls being sent to the affected individuals.
In a statement, ODPC declared, “This penalty will ensure that digital lenders and financial institutions notify data subjects when collecting and processing their data, and specify the purpose of processing the data.”
“It will further ensure that data controllers strictly deal with data subjects who have consented to the collection and processing of their data,” the notice added.
Casa Vera Lounge, located along Ngong Road in Nairobi, has been fined KSh 1.9 million for posting an image of a reveler on its social media platform without obtaining consent.
ODPC noted that the penalty is intended to discourage other establishments from using images of patrons without their consent.
Likewise, Roma School, an educational institution in Uthiru, is required to pay the regulator KSh 4.6 million for posting pictures of minors without parental consent.
“This penalty, being the first and the highest imposed on an educational facility, sends a message to schools and other institutions handling personal data of minors to obtain consent from parents/guardians before processing the data,” ODPC emphasized.
Under Kenyan law, companies are obligated to adhere to the Data Privacy Rights Act and the Data Protection Act.
Data Commissioner Immaculate Kassait urged data controllers and processors to ensure that the processing of personal data aligns with the provisions of the Act.
ODPC stated, “The office has also conducted a compliance audit on WhitePath, a digital credit provider, and an inspection of Naivas Supermarkets regarding recent data breaches.”
“The findings will be shared with the data controllers for their prompt action,” it added.
“The Office will be conducting forty (40) Compliance Audits on various Data Controllers and Processors in various sectors during this Financial Year.”
Comments