Data Protection in Kenya

Data protection officers in Kenya

Section 24 of the Act

The Act makes provisions for the designation of Data Protection Officers (DPOs) but this obligation is not mandatory.

DPOs can be members of staff and may perform other roles in addition to their roles. A group of entities can share a DPO and the contact details of the ODPO must be published on the organisation’s website and communicated to the DPC.

DPOs have the following roles:

  • Advising the data controller or data processor and their employees on data processing requirements provided under the Act or any other written law;
  • Ensuring compliance with the Act;
  • Facilitating capacity building of staff involved in data processing operations;
  • Providing advice on data protection impact assessment; and
  • Co-operating with the DPC and any other authority on matters relating to data protection.

DPO’s under the Regulations also have the following additional roles: 

  • Monitoring and evaluating the efficiency of the data systems in the organization; and
  • Keeping written records of the processing activities of the civil registration entity.

Continue reading

  • no results

Previous topic
Back to top