DATA PROTECTION COMPLIANCE
In early 2022 Kenya’s new data protection regulations came into effect, governing what businesses inside and outside the country can do with information about Kenyan citizens. The law is far-reaching and will have a significant impact on how many companies process data. It represents a major step forward for people’s online privacy in the country. The Data Protection Act 2019 (DPA) has the following key focus areas:
Under the DPA, individuals have a right to access, correct, export, or object to the processing of their personal data, or to request to be forgotten by the entity holding their data. All these rights have to be managed and processed within 30 days of request.
The DPA requires organizations to understand what types of data they collect, process and store. It also requires that all data be classified in terms of who has access and what access rights are assigned to the authorized parties.
CONTROLS & NOTIFICATIONS
The regulation has put in place strict security requirements on personal data. Entities have a breach notification obligation and must have appropriate consents for data processing. A breach should be reported within 72 hours of realization.
IT & TRAINING
Businesses will need to invest in Data Protection Officers or an outsourced DPO in order to meet compliance. Training across the organization will be necessary so that everyone knows their responsibility. The incident procedure should also be clear and communicated to all staff.
MONITORING & EVALUATION
After meeting all the requirements, organizations are meant to monitor and improve their processes and procedures for data protection compliance. This includes automation, frequent policy reviews, and contractual improvements with contractors.