The Data Protection Act that came into effect last month is expected to provide a framework for data protection in the country, and help boost privacy of the citizens.
Before the Act was passed, Kenya did not have a specific data protection law that regulated the sector, exposing private data of citizens to misuse.
The law conceived in 2015 is meant to provide a regulatory provision in the collection, retrieval, processing, storing, use and disclosure of personal data.
Under Article 31(c), the Act outlines the right of every person not to have “information relating to their family or private affairs unnecessarily acquired or revealed” and Article 31(d), confers individuals the right not to have “the privacy of their communications infringed”.
Robert Nyamu, a Financial Services and Risk Advisory Leader at East Africa Ernst and Young LLP, says the legislation is timely as it will address customers’ data infringements among telecoms, hospitality industry, various companies and financial institutions.
“Of great importance is the customer’s personal data that is comprehensively discussed in the new Act,” Mr Nyamu says.
He adds that anyone handling customer data in whatever form needs to fully understand the customer’s rights in regard to data protection law.
“It (new law) gives a right to customers in terms of their own data, and as an organisation if you are handling data in whichever format you need to be aware of it,” he adds.
The financial sector, he notes ought to understand the implications of data breach as any compliance failure will result in significant penalties.
The new law, he added, will cause disruption to some players, particularly in the financial sector.
“It is going to cause disruptions in their operating model, and data governance as they have to put in place mechanisms to ensure that they comply with the Act,” he adds.
The law is expected to bring clarity on what data should be classified as well as on the rights and responsibilities of organisations that handle customer data, and more fundamentally on the right of customers in terms of that data.