OUR DATA PRIVACY POLICY

In Kenya, data protection is governed by the Data Protection Act of 2019, which requires organizations to obtain consent before collecting, using, or disclosing personal data, and grants individuals rights to access, correct, and delete their information. The Office of the Data Protection Commissioner (ODPC) ensures compliance.

Here’s a more detailed explanation:
Key Aspects of the Data Protection Act, 2019:
  • Purpose:

    The Act aims to protect the privacy of individuals by regulating the processing of personal data.

  • Rights of Data Subjects:

    Individuals have the right to:
      • Access their personal data.
      • Rectify inaccurate or incomplete data.
      • Delete their personal data.
      • Object to the processing of their data.
      • Request data portability.

  • Obligations of Data Controllers and Processors:

      • Process personal data lawfully, fairly, and transparently.
      • Obtain consent for data collection and processing.
      • Ensure data security and confidentiality.
      • Designate a data processor to provide sufficient security measures to protect the processing of personal data.
      • Develop and publish a data protection policy.

  • Role of the Office of the Data Protection Commissioner (ODPC):

      • Regulate the processing of personal data.
      • Ensure compliance with the Act.
      • Provide data subjects with rights and remedies.
      • Investigate complaints and enforce compliance.

  • Penalties for Non-Compliance:

    The Act provides for penalties for non-compliance, including fines and imprisonment. 

  • Data Protection Policy:

    Data controllers and processors are required to develop, publish, and regularly update a data protection policy reflecting their personal data handling practices. 

  • Data Breach Notification:

    Organizations must have procedures in place to detect, handle, report, and learn from data breaches. 

  • Data Transfers:

    Transferring data across borders is permitted only under specific circumstances, requiring organizations to adhere to certain safeguards. 

  • Data Minimization:

    Organizations should only collect and process the personal data that is necessary for the purpose for which it is collected. 

  • Data Accuracy:

    Organizations should ensure that personal data is accurate and kept up to date. 

  • Data Storage Limitation:

    Organizations should store personal data only for as long as is necessary for the purpose for which it was collected.