KENYA: NEW DEVELOPMENTS IN DATA PROTECTION
Commissioner Kassait has not delayed in getting the Office of the Data Protection Commissioner (“ODPC”) up and running (see our last update on her appointment (here). Although she is still in the process of negotiating a budget for the ODPC to enable her to properly fulfil her mandate, her progress is encouraging to see. We have briefly summarised some of the latest noteworthy developments:
- The Office of the Data Protection Commissioner recently launched its new official website - www.odpc.go.ke. The website will serve as a useful platform to members of the public providing access to important resources on data protection. Through the website, entities or individuals will be able to report a data breach, file complaints or report any concerns.
- The Cabinet Secretary, Ministry of ICT, Innovation and Youth Affairs gazetted the Taskforce on Development of Data Protection Regulations in January 2021. The role of the Taskforce will be to undertake a comprehensive audit of the Data Protection Act, 2019 and propose any new policy, legal and institutional framework that may be required to implement the Data Protection Act - 2019. Finally and importantly, the Taskforce will be responsible for drafting the Data Protection (General) Regulation
- The ODPC has made headway with the publication of certain Guidelines. The following Guidelines have been published on the ODPC website and are awaiting public participation. These are:
- Seeking Consent from Data Subjects; and,
- Data Impact Assessment.
- Finally, the Guidelines listed below are yet to be published and we will provide updates on these as and when they are made available:
- Registration of Data Controllers and Processors
- Certification of Data Controllers and Processors;
- Appointment of Data Protection Officers;
- Data Sharing Code and Enforcement.