The Data Protection Act No. 24 of2019 (the Act or DPA hereinafter) which was enacted on 8th November 2019 has a commencement date of 25th November 2019. Its preamble states that it is meant to give effect to Article 31 (c) and (d) of the Constitution. These provisions guarantee that every person has the right to privacy, including not to have information relating to their family or private affairs unnecessarily required or revealed and not to have the privacy of their communications infringed. The Act is a clean-up of several bills that were introduced previously then withdrawn for one reason or the other.
TripleOKLaw LLP, having specialized lawyers in the data protection and Privacy law was actively involved in the stakeholder process continuously giving feedback on circulated draft bills. See our most recent client alert on the data protection bill at www.tripleoklaw.com. The new law comes against the backdrop of the European Union’s General Data Protection Regulations (EUGDPR). Most companies operating in Kenya were still grappling with compliance. Notably, the provisions of the Act mimic those of the EUGDPR and therefore companies that had taken steps towards compliance with EUGDPR will be a step ahead.WHAT-THE-NEW-DATA-PROTECTION-ACT-KENYA-MEANS-FOR-YOUR-BUSINESS
Deputy Managing Partner and Head of Telecommunications, Media & Technology