Entertainment
Startups among entities to face tougher laws as Kenya moves to protect personal data
Startups processing personal data in Kenya are among the entities required to register with the Office of the Data Commissioner (ODPC), as the East African country implements a law protecting the right to privacy of persons within its borders.
The registration, which has kicked off after the coming into effect of the data protection regulations, is mandatory for any company acting as a data controller — defined as a person or entity that determines the purpose and means of processing of personal data– or a processor, which is a company that may not necessarily collect or determine how data is used, but handles it on behalf of another firm.
The data controller or processor is required to reveal the kind of personal data they process, their target subjects, and the reasons for collecting and storing such data.
Despite the ODPC making some exemption based on revenue and number of employees, the registration is mandatory for entities that offer financial services, those that process genetic data, in the telecommunications sector, property management, patient care, education, transport, hospitality, gambling, crime prevention, and direct marketing. Big techs and startups, (like those in fintech, proptech, agtech, edtech and healthtech space) are some of the entities affected by the new regulations.
“Registration is an important element of compliance with the data protection legislation as organizations cannot act as data controller or processor in Kenya unless they have registered with the ODPC,” said Kenya’s data commissioner, Immaculate Kassait, in a statement.
The new regulations, providing guidance to be adhered by data controllers and processors, are designed to give users more power in determining the kind of data that is collected and how it is used.
The law also seeks to promote the enactment of Kenya’s Data Protection Act, which ensures that companies use customer data lawfully, minimizes details collected, restricts sharing and further processing of data, and ensures the people’s data is kept safe.
The regulations, which are akin to EU’s GDPR, also require companies to seek users’ consent before before collecting data, and to specify their intention for collection.
It also outlines that these entities have to seek consent before using the data for commercial purposes. These entities are also required to process the collected personal data through a data server located in Kenya or keep a serving copy within the borders. A company transferring data outside the country can only do so on a number of accounts that also includes the consent of the data subject.
Incase of a data breach, controllers and processors are required to notify the ODPC within 72 hours. The regulation further encourages entities to have in place a data protection officer to ensure compliance, and recommends fines and jail terms for contravention.
-
Entertainment7 days ago
Earth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment7 days ago
The space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment6 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment2 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days ago
New teen video-viewing guidelines: What you should know