Startups among entities to face tougher laws as Kenya moves to protect personal data – TechCrunch

Startups processing personal data in Kenya are among the organizations required to register with the Office of the Data Commissioner (ODPC) as the East African country implements a law protecting the right to privacy of individuals within its borders.

Registration, which started after the data protection regulations came into force, is mandatory for any company that acts as a data controller – defined as a natural or legal person who determines the purposes and means of processing personal data – or as a data processor, that is, a company that does not necessarily collect data or determine how data is used, but processes it on behalf of another company.

The data controller or processor is required to disclose the nature of the personal data it processes, who it serves, and the reasons for collecting and storing that data.

Although the ODPC makes some exceptions based on turnover and number of employees, registration is mandatory for companies that provide financial services that process genetic data, in the telecommunications sector, in real estate management, in patient care, in education, in transport, in the hospitality industry, in gambling, crime prevention and direct marketing. Big tech companies and startups (such as those in the fintech, proptech, agtech, edtech, and healthtech spaces) are among the companies affected by the new regulations.

“Registration is an important element in complying with data protection laws, as organizations in Kenya cannot act as data controllers or processors unless they have registered with the ODPC,” Kenya’s Data Commissioner Immaculate Kassait said in a statement.

The new rules, which provide guidance to be followed by data controllers and processors, aim to give users more powers to determine the type of data collected and how it is used.

The law also aims to promote the passage of the Kenya Data Protection Act, which will ensure companies use customer data lawfully, minimize the details collected, limit the sharing and further processing of data, and ensure people’s data is kept safe.

The regulations, which are similar to the EU GDPR, also require companies to obtain user consent and state their intention to collect before collecting data.

The regulations also state that these companies must obtain consent before using the data for commercial purposes. The companies are also required to process the collected personal data through a data server located in Kenya or keep a service copy within the borders. A company that transfers data abroad can only do so on a set of accounts that also include consent from the data subject.

In the event of a data breach, controllers and processors must notify the ODPC within 72 hours. The regulation also encourages companies to use a data protection officer to ensure compliance and recommends fines and jail time for violators.
