Strong data protection is vital for economic growth

Loading Article...

For the best experience, please enable JavaScript in your browser settings.

 

Kenya has now walked the data protection journey for five years, a period that has been marked with very unique experiences and that has taught us immense lessons as we charted unknown waters.

While we may not have started the journey long ago, those five years have taught us that enacting the Data Protection Act in 2019 was a bold step for the country, towards protecting the privacy of citizens.

The Office of the Data Protection Commissioner (ODPC) has been in place for an even shorter period (since 2020), but the milestones we have achieved as a nation have started us off on a journey that we will never step back, protecting the dignity of every citizen through protection of their personal information.

Data protection in Kenya, like anywhere else, is a critical component towards strengthening the right to privacy, digital security, and ensuring regulatory compliance in the digital age. Moreover, in the backdrop of the global advancements in digital technologies and the surge in emerging technologies, strong data protection frameworks become vital in leveraging opportunities for economic growth.

Today, many Kenyans have become conscious of giving out their personal information since everyone wants the assurance that it will not be mishandled or used for the wrong purposes. This is a reflection of continued growth in our society, a proof that personal information is no longer a product to be treated just casually.

And with Kenya’s digital revolution matching alongside global trends, immense networking and even economic opportunities that have come with this new sector have also brought forth the challenge of protecting users’ personal data, since we all leave our personal information when we register at different websites and other internet platforms.

In a world that is rapidly digitising, new threats regarding data protection emerge on a daily basis, but we always have to be prepared.

Over the four years, the ODPC has issued eight guidance notes, documents that have been key in enforcing compliance with personal data protection by thousands of data controllers and processors across diverse sectors of the economy.

Through the support of National Assembly, we have also developed several regulations to entrench data privacy in Kenya, including Data Protection (General) Regulations, 2021, Data Protection (Complaints Handling and Enforcement Procedures) Regulations, 2021 and Data Protection (Registration of Data Controllers & Data Processors) Regulations, 2021, helping us regulate different aspects of personal data protection.

Engaging the public on data protection matters while also educating data controllers and processors on the importance of protecting people’s personal information is very impactful and is setting us ahead to lead regional and global conversations on data protection and data governance

These have been some of the areas the ODPC has focused on over the past four years since creation of the office, ensuring that Kenyans personal information when they register at a building, are served at hospitals or different companies where they provide their personal information in order to get services, is treated with care.

In recognition that some challenges with regards to data protection affect just small sections of the economy, we have also developed guidance notes on data protection, four of which are sector-specific.

What is clear is that more Kenyans are becoming aware of their privacy rights and we are receiving an increasing number of informed complaints, a trend that has also had an impact on the ODPC which has enhanced its capacity to serve Kenyans more efficiently.

As a result, we have resolved 88 per cent of the complaints we have received from members of the public to date.

However, even as we forge ahead, major challenges remain. Key among them is the rapid advancement in technologies. Also, while we continue to enlighten the public on its rights with regards to the protection of personal data, there still remains some work to be done to bring everyone into the fold.

The writer is the Data Commissioner