Startups among entities to face tougher laws as Kenya moves to protect personal data
Startups processing personal data in Kenya are among the entities required to register with the Office of the Data Commissioner (ODPC), as the East African country implements a law protecting the right to privacy of persons within its borders.
The registration, which has kicked off after the coming into effect of the data protection regulations, is mandatory for any company acting as a data controller (defined as a person or entity that determines the purpose and means of processing of personal data) or a processor, which is a company that may not necessarily collect or determine how data is used, but handles it on behalf of another firm.
The data controller or processor is required to reveal the kind of personal data they process, their target subjects, and the reasons for collecting and storing such data.
Although the ODPC has made some exemptions based on revenue and number of employees, registration is mandatory for entities that offer financial services, those that process genetic data, and those in telecommunications, property management, patient care, education, transport, hospitality, gambling, crime prevention, and direct marketing. Big tech companies and startups (like those in the fintech, proptech, agtech, edtech and healthtech spaces) are among the entities affected by the new regulations.
“Registration is an important element of compliance with the data protection legislation as organizations cannot act as data controller or processor in Kenya unless they have registered with the ODPC,” said Kenya’s data commissioner, Immaculate Kassait, in a statement.
The new regulations, which provide guidance for data controllers and processors to adhere to, are designed to give users more power in determining the kind of data that is collected and how it is used.
The law also seeks to promote the enactment of Kenya’s Data Protection Act, which ensures that companies use customer data lawfully, minimize the details collected, restrict sharing and further processing of data, and keep people’s data safe.
The regulations, which are akin to the EU’s GDPR, also require companies to seek users’ consent before collecting data, and to specify their intention for collection.
They also outline that these entities have to seek consent before using the data for commercial purposes. These entities are also required to process the collected personal data through a data server located in Kenya or keep a serving copy within the borders. A company transferring data outside the country can only do so on a number of grounds, which include the consent of the data subject.
In case of a data breach, controllers and processors are required to notify the ODPC within 72 hours. The regulations further encourage entities to have in place a data protection officer to ensure compliance, and recommend fines and jail terms for contravention.