Data handling companies including telcos, schools and banks are set to be audited to ascertain compliance with privacy laws amid a resurgence in breaches that have seen some penalised by the Office of the Data Protection Commissioner (ODPC). The ODPC is scouting for a consultant to conduct the compliance audit across the country. “The Office of the Data Protection Commissioner intends to competitively engage a consultant to assess the current state of data protection in Kenya including compliance with the Data Protection Act 2019 and the attendant regulations, identify gaps in the implementation of data protection measures, provide recommendations for ensuring compliance and data protection practices and to develop a roadmap for enhancing data protection,” the watchdog said.
Many Kenyans have complained over illegal sharing of personal information and invasion of privacy by marketing firms promoters of products and services. Commonly stored data by businesses include ID numbers, phone numbers, employee records, customer details, and transactions. Sharing or offering for sale personal data is now criminal and could land culprits terms of up to six months or fines of up to Sh5 million.
Kenya’s Data Protection Act came into effect on November 25, 2019, paving the way for the implementation of laws that govern the collection, processing, and storage of personal information both by the government and the private sector. Parliament would later enact regulations to enforce the.