Compliance with GDPR and Data Protection Act in Kenya

The new Data Protection law in Kenya sets a high standard, with any infringements of the law investigated by an independent office.

Actions to support Data Privacy Regulations

Based on a comprehensive DPA readiness roadmap, a tailored transformation program helps organisations prepare in the optimal way for the Data Protection Regulations.

  • Data Protection & Privacy Impact Assessment
  • Data Protection and Privacy Transformation Program
  • Data Processing Inventory
  • Privacy by design
  • Third Party Procedures

Costs to organisations who fail to comply with the DPA

5,000,000 KSh

Serious non-compliance could result in fines of up to five million shillings, or in the case of an undertaking, up to 1% of its annual turnover of the preceding financial year, whichever is lower.

3,000,000 KSh

Individuals could face fines not exceeding three million shillings or an imprisonment term not exceeding ten years, or both.

We are here to help
Request an assessment to review how we can help you adopt best-in-class privacy practices.

FITTS is a leading Kenyan IT and Cloud solutions company, experienced in helping companies deliver and maintain a robust, compliant policy for the GDPR and Data Protection Regulations.

OneTrust provides comprehensive enterprise privacy management software to help organisations operationalize compliance and privacy by design.

The Data Protection Act impacts many areas of an organisation

Legal and compliance

Risk, Compliance and Legal Officers


Privacy strategies, resourcing, and organisational controls will need to be revised.


Implement and maintain audit trails and data journeys to gain a proactive, comprehensive view of your data and to demonstrate compliance with the Data Protection Act requirements.


Technology, Information & Security Officers


Technology to enable information security and other compliance initiatives will need to be reconsidered, refocused and repurposed.


Build a platform that has privacy at the forefront of the design, build and deployment – such as data access requests, data retention, right to be forgotten, breach notification and international and 3rd party data transfers.


Data and Operating Officers


New information management activities are required which specifically link to compliance demands.


Ensure data is protected, governed, managed and utilised effectively in line with the organisation’s strategy.

Gain visibility. Take action. Drive automation.

OneTrust unlocks every company’s potential to thrive by doing what’s good for people and the planet. Whether you’re a small company or a large enterprise, our Trust Intelligence Platform connects data, teams, and processes—so you can collaborate seamlessly and put trust at the center of operations and culture.

Global privacy laws like the CCPA, GDPR, and others, have required organisations to change the way they think about privacy. Now, organisations must find ways to effectively manage consumer requests, meticulously document processing activities and data transfers, and stay on top of a rapidly evolving regulatory landscape.

OneTrust demo

OneTrust offers powerful and easy-to-use compliance solutions that are purpose-built to solve challenges at scale – allowing organisations to simplify their privacy program management. Request a demo now!


How FITTS services can help you

Technical and organisational measures

Ensure you are collecting, processing and disposing of Personal Data in accordance with the principles of the GDPR, while putting in place technical measures to safeguard Personal Data throughout the period of control.

Communication, Training & Awareness

Creating a high level of organisational awareness on privacy ensures that the organisation’s employees know and follow the rules.

Privacy Operations

Embedding privacy into your organisation's project methodology. This is done through efficient and practical guidance during conception of a new or changed product or service (Privacy by Design), as well as by assessing new and existing systems following the established Privacy Impact Assessment method.

Design, build and manage IT solutions

Ensure your data is, as efficiently as possible, protected, governed, managed and utilised effectively in line with your organisation’s strategy.