Skip to content

Kenya Data Protection Act; Did You Know (Part 1)

11 December 2019
– 2 Minute Read


Share on LinkedIn

We’ll be sending regular snippets to our clients highlighting various areas of the Data Protection Act that we feel you should know about.

The Data Protection Act 2019 contains a lot of jargon that we’ll be referring to so for starters we’ve defined some of the key terms that we’ll be using frequently:

  • Data subject: the identified or identifiable natural person who is the subject of the personal data;
  • Personal data: any information relating to a data subject;
  • Identifiable natural person: a person who can be identified directly or indirectly by reference to an “identifier”. Examples of an “identifier” include someone’s name, an ID number, or location data.
  • Data controller: a person, company, public authority or any other organisation or body which, alone or jointly with others, determines the purpose and means of processing the personal data;
  • Data processor: a person, company, public authority or any other organisation or body which processes personal data on behalf of the data controller;
  • Sensitive personal data: data which reveals someone’s race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person’s children, parents, spouse or spouses, sex or the sexual orientation of the data subject;
  • Consent: any manifestation of express, unequivocal, free, specific and informed indication of a data subject’s wishes by a statement or clear affirmative action, signifying agreement to the processing of personal data relating to the data subject.

DID YOU KNOW – According to an article posted on in January 2019, data breaches cost companies worldwide almost USD4 million on average for every incident.