One of the key aspects of data protection compliance is procurement or third party vendor compliance. The Data Protection Act provides that where a data controller desires to use the services of a data processor, then he must first ascertain that the data processor has put in place sufficient safeguards for data protection.
One of the most challenging areas in data privacy compliance is on data breach management. The Data Protection Act, 2019 places an obligation on data controllers to notify the Data Commissioner and data subjects of some types of data breaches. Further, a notification must be done within 72 hours of becoming aware of the data breach. Data Processors must also report data breaches albeit to the data controller. What is a personal data breach and in what circumstances should an organisation make a notification? We tackle some frequently asked questions on this area of data privacy..
Data Protection compliance is a buzz word right now. What is it? Who is responsible? What is the cost of non-compliance? If you are in a leadership position in a company that handles personal data, you may be wondering about these and other related questions. More so, as a board member, you may share similar concerns or you may be wondering what the board’s role should be in compliance.
If you are pursuing privacy compliance, you may need to consider appointing a Data Protection Officer (“DPO”). Although the Act provides for the designation of a DPO in certain instances, it may be worthwhile for all organisations to consider designating one. Who is a Data Protection Officer and what are the benefits of appointing one? We consider common questions associated with the role of the Data Protection Officer.
Prior to 2020, digital lending witnessed an unprecedented rise and growth in Kenya. According to a 2019 FSD report, the boom was fuelled by widespread use of mobile phones, high demand for credit and a lax regulatory environment. Digital lenders fall into two main categories: mobile banking loans(i.e. loans by licensed banks such as M-Shwari) and digital loans (i.e. loans granted by unregulated firms like Tala and Branch). The regulatory environment made it very easy for unregulated providers to enter the market. By 2020, Kenya had over 120 digital lending platforms.
Successful privacy compliance programs hinge on the development and implementation of a wide range of policies. One such policy is the privacy policy. In this FAQ we consider some of the common questions that arise in the development and implementation of privacy policies.
Post Summary:
On 7th April 2021, the Task Force on Development of Data Protection General Regulations tabled draft data protection regulations before the Cabinet Secretary, Ministry of ICT, Innovation and Youth Affairs, Joe Mucheru. In addition, the Data Protection Commissioner published the draft Regulations on its website, paving the way for public consultation.
It has been over 100 days since the appointment of Kenya’s first Data Commissioner. The Data Commissioner is in charge of data protection compliance and enforcement. Let us consider some of the developments that have happened in this time.
In the last article, we considered the potential impact of the Data Protection Act on businesses in Kenya. This week, we consider how creating data maps can contribute to the overall success of your data privacy compliance program.