In 2019, President Uhuru Kenyatta signed a data protection bill set to change the course of data regulations in Kenya. Today it looks like the times have caught up with Kenyans. In line with new regulations, CCTV, dashcam operators and institutions are now inclined to set up data protection safeguards.
Data Protection Safeguards
The safeguards bring about clarity on how personally identifiable data obtained by firms and government entities can be handled, stored and shared.
They stipulate that learning institutions, churches, landlords and security firms operating CCTV cameras should now offer special safeguards when handling personal data. All these institutions now have to get mandatory certification including
- political campaigners
- gaming and betting firms
- banks, credit reference bureaus
- technology firms
- transport service providers including taxi hailing app
Data Commissioner Immaculate Kassait notes that
- Data processors or controllers will pay a certification fee of Sh250,000
- Businesses will also be charged registration and annual renewal fees of between Sh1,000 and Sh20,000. This is depending on the number of employees, turnover and the risk of exposure of personal information.
She goes on to emphasize that The Data Protection Act requires data controllers and processors both in Kenya and abroad to ensure that all personal data goes through a lawful process. That everything should be clear and concise.
The law also guarantees special safeguards for sensitive data such as one’s marital status, sexual orientation, health status, ethnicity, names of children and biometric data.
Further, the law restricts transfer of personal data to parties outside Kenya. This changes everything as everyone operating CCTV cameras and now dashcam operators have to declare publicly that recording is taking place.
Also note that offences under the Act attract a fine of up to KES5 million or a term of imprisonment of up to 10 years. Or both.
Then again, reports last year showed that almost 90% of Kenyans could care less about data protection. What’s your take?