Data Protection Regulations: What To Expect

April 9, 2021 - Reading Time: 2 minutes - By Wanjiku Mwai

In January 2021, the Cabinet Secretary for Information, Communications, Technology, Innovation and Youth Affairs Hon. Joe Mucheru constituted the Taskforce on the Development of Data Protection General Regulations. The mandate of this taskforce is to develop data protection regulations, conduct a comprehensive audit of the DPA, identify gaps in the law and propose amendments. The Taskforce is also expected to sensitize stakeholders and the public on the Data Protection (General) Regulations and to undertake stakeholder and public consultation on the Data Protection General Regulations.

The Taskforce comprises Chairperson Immaculate Kassait and members: Dr.Humphrey Njogu, Eng.Daniel Obam, Christopher Maina, Duncan Nyale, Marion Muriithi, Miriam Kakenya, Thuranira Gatuyu, Damaris Mukala, Rose Mosero, Victor Nzomo, Augustus Munywoki. The Joint Secretaries for this Taskforce are Rahab Juma and Brenda Gabantu.

What the Act says

The Data Protection Act, 2019 states that the Cabinet Secretary may make Regulations to provide suitable measures to safeguard a data subject’s rights, freedoms and legitimate interests in connection with the taking of decisions based solely on automated processing. Other areas where the Act expects the Cabinet Secretary to make regulations are:

  • the requirements which are imposed on a data controller or data processor when processing personal data
  • mechanisms of conducting certification program
  • the contents which a notice or registration by a data controller or data processor should contain information to be provided to a data subject and how such information shall be provided 
  • the levying of fees and taking of charges
  • the measures to safeguard a data subject’s rights, freedoms and legitimate interests 
  • the processing of data through a data server or data centre in Kenya
  • issuing and approval of codes of practice and guidelines
  • any other matter that the Cabinet Secretary may deem fit.

So far the Data Protection Commissioner has issued two Guidance Notes: 

(1) Guidance Note on Consent, and 

(2) Guidance Note on Data Protection Impact Assessment. 

The Guidance Note on Consent provides guidance on the processing of personal data on the basis of consent whereas the Guidance Note on Data Protection Impact Assessment provides guidance to data controllers and data processors on when and how to conduct Data Protection Impact Assessments.

To celebrate 100 days, the ODPC launched its official website- which it aims to be a resource tool for provision of data protection information such as guidelines compliance requirements and rights of data subjects. Through the website, members of the public will be able to report breaches, file complaints or report privacy concerns with the Data Protection Commissioner. 

On that day it was also announced that the Data Protection Commissioner had prepared the following draft Guidelines that are awaiting comments and input from the public: 

  • Guidelines on Registration of Data Controllers and Processors; 
  • Certification of Data Controllers and Processors; 
  • Appointment of Data Protection Officers; and 
  • Data Sharing Code and Enforcement. 

The Guidelines are yet to be made public.

On 7th April 2021, the Taskforce on development of Data Protection General Regulations led by the Office of the Data Protection Commissioner briefed the Ministry of ICT led by Cabinet Secretary Joe Mucheru and Principal Secretary Jerome Ochieng. The Taskforce will hold public consultations on the Regulations later this month.

Spread the love

    Who is Who

  • James Mworia’s interview: Centum Investments and designation of Two Rivers as SEZ

    The Centum Investment company is listed on the Nairobi Securities Exchange and the Uganda Securities Exchange. It is a diversified portfolio with assets of about Ksh 50 billion and debt of about Ksh 2 billion.  Since its inception in 1967, Centum Investments has been able

    Spread the love
    More ..
  • WHO IS WHO: New NIS director-general Noordin Haji

    Noordin Haji was on Wednesday, June 14, sworn in as the Director-General of the National Intelligence Service (NIS). This followed his nomination by President William Ruto on May 16 and his approval by Parliament’s Defence and Foreign Relations Committee on Tuesday, June 13.  Mr Haji

    Spread the love
    More ..
  • WHO IS WHO- New Kemsa Board Chairperson Irungu Nyakera

    In a bid to rectify the deep-rooted corruption and mismanagement of medical supplies within the Kenya Medical Supplies Agency (Kemsa), President William Ruto appointed a new board chairperson, Mr Irungu Nyakera. With a track record of academic excellence and a diverse professional background, Mr Nyakera

    Spread the love
    More ..