Compliance with GDPR and Data Protection Act in Kenya
The new Data Protection law in Kenya is setting a high standard, with any infringements of the new law investigated by an independent office.
Actions to support Data Privacy Regulations
Based on a comprehensive DPA readiness roadmap, a tailored transformation program helps organisations prepare in the optimal way for the Data Protection Regulations.
- Data Protection & Privacy Impact Assessment
- Data Protection and Privacy Transformation Program
- Data Processing Inventory
- Privacy by design
- Third Party Procedures
Costs to organisations who fail to comply with the DPA
5,000,000 KSh
Serious non-compliance could result in fines of up to five million shillings, or in the case of an undertaking, up to 1% of its annual turnover of the preceding financial year, whichever is lower.
3,000,000 KSh
Individuals could face fines not exceeding three million shillings or an imprisonment term not exceeding ten years, or both.
We are here to help
Request an assessment to review how we can help you adopt best-in-class privacy practices.
FITTS is a leading Kenyan IT and Cloud solutions company, experienced in helping companies deliver and maintain a robust compliant policy for the GDPR and Data Protection Regulations.
OneTrust provides comprehensive enterprise privacy management software to help organisations operationalize compliance and privacy by design.
The Data Protection Act impacts many areas of an organisation
Legal and compliance
Risk, Compliance and Legal Officers
Challenges
Privacy strategies, resourcing, and organisational controls will need to be revised.
Solutions
Implement and maintain audit trails and data journeys so that you can proactively and comprehensively view your data and demonstrate compliance with the Data Protection Act requirements.
Technology
Technology, Information & Security Officers
Challenges
Technology to enable information security and other compliance initiatives will need to be reconsidered, refocused and repurposed.
Solutions
Build a platform that has privacy at the forefront of the design, build and deployment – such as data access requests, data retention, right to be forgotten, breach notification and international and 3rd party data transfers.
Data
Data and Operating Officers
Challenges
New information management activities are required which specifically link to compliance demands.
Solutions
Ensure data is protected, governed, managed and utilised effectively in line with the organisation’s strategy.
Gain visibility. Take action. Drive automation.
OneTrust unlocks every company’s potential to thrive by doing what’s good for people and the planet. Whether you’re a small company or a large enterprise, our Trust Intelligence Platform connects data, teams, and processes—so you can collaborate seamlessly and put trust at the center of operations and culture.
Global privacy laws like the CCPA, GDPR, and others, have required organisations to change the way they think about privacy. Now, organisations must find ways to effectively manage consumer requests, meticulously document processing activities and data transfers, and stay on top of a rapidly evolving regulatory landscape.
OneTrust demo
OneTrust offers powerful and easy-to-use compliance solutions that are purpose-built to solve challenges at scale – allowing organisations to simplify their privacy program management. Request a demo now!
How FITTS services can help you
Technical and organisational measures
Ensure you are collecting, processing and disposing of Personal Data in accordance with the principles of the GDPR while putting in place technical measures to safeguard Personal Data throughout the period of control.
Communication, Training & Awareness
Creating a high level of organisational awareness on privacy ensures that the organisation’s employees know and follow the rules.
Privacy Operations
Embedding privacy into your organisation's project methodology. This is done through efficient and practical guidance during the conception of a new or changed product or service (Privacy by Design), as well as by assessing new and existing systems following the established Privacy Impact Assessment method.
Design, build and manage IT solutions
Ensure your data is protected, governed, managed and utilised as efficiently and effectively as possible, in line with your organisation’s strategy.
Data Privacy and Protection in Kenya: A Regulatory Review 2022
This document has been developed to provide a review of the regulatory framework for data protection in Kenya. The objective of this review is to provide guidance to firms on the impact of DAPA and the extent to which both GDPR and CCPA apply to their businesses and operations. The document provides a detailed regulatory assessment of DAPA against the various articles and recitals in both the GDPR and the CCPA. This comparison identifies some of the challenges that fintech and other firms might face during implementation. However, it is not just about identifying the potential challenges. The document goes further to provide policy recommendations to strengthen the regulatory framework and enhance market function.