The adaptation of the Data Protection Act of 2019 is a key factor in the progress of the data revolution that has put data front and centre of every organisation’s digital transformation. The wave of data protection policies around the world has gained momentum with increasing cases of courts applying data protection and privacy rules.
Kenya took the first step in 2019 by passing the Data Protection Act into law and followed up with the appointment of the first Data Commissioner in late 2020. Since then, neighbouring countries Uganda and Tanzania have followed suit with their own domestic laws and Data Commissioners appointed to advance the implementation.
The next most crucial step in the data protection and privacy movement has been the introduction of guidelines towards implementing the act. To this effect, TripleOKlaw LLP Partnered with Deloitte academy to host the Data Commissioner and demystify the implementation process for organisations at every level.
The webinar had a panel of data protection experts including our own Deputy Managing Partner and Head of Telecommunications, Media and Technology Practice Catherine Kariuki and Partner in TMT practice Janet Othero. The other panellists were Deloitte’s Urvi Patel, Leishan Pillay and Julie Nyangaya with a Keynote address from Immaculate Kassait, the Kenya Data Commissioner and Guest speaker Fiona Makaka, the Data Protection Officer at Safaricom PLC.
The biggest takeout from the webinar included the fact that implementing the act takes up three components: legal and compliance, technology and data and processes. Regarding legal compliance, the recently introduced guidelines from the data commissioner spell out compliance guidelines including mandatory training of data controllers, and policies centred on the protection of the rights of the data subject by default
In working towards technical compliance, data impact assessments will be a necessary component of the technology infrastructure and ensuring that there are procedures and processes that follow through breach management scenarios as required by the Data Protection Regulations.
Data, being the crux of the matter will require enhanced data management policies. As the data commissioner opined, the main goal of the act is the entrenchment of the right to privacy with data subjects given utmost control, “Your entire system must be built on data protection whether by default or design”
For those who were unable to attend, the recording is available at this link: Implementing requirements of the Kenya Data Protection Act: A Regulatory Pressure or an Opportunity for Organisations?
To catch up with highlights and guidelines of the Data Protection Act, read the quick guide from Deloitte at Deloitte Data Protection Act Quick Guide. Follow our analysis of the Data Protection Guidelines at https://tripleoklaw.com/kenyan-draft-data-protection-general-regulations/ and the impact of the Data Protection Act on your business at https://tripleoklaw.com/what-new-data-protection-act-means-for-business/