Data controllers and data processors are now required to register with the Office of Data Protection Commissioner in Kenya.
The parliamentary committee delegated legislation passing the data laws that a company found in breach of the new data regulations will face fines of up to one per cent of their annual turnover.
Fines will require organizations to review their data privacy policies to make them easier for comprehension and prove compliance.
The approved set of regulations includes the data protection (General) regulations 2021, the Data Protection (Complaints Handling and Enforcement Procedures) Regulations, 2021, and the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021.
The data protection (General) regulations, 2021 provides for rights of a data subject and limitations to commercial use of such information.
In the event of commercialization of data, a data controller or data processor who uses personal data for commercial purposes without the consent of the data subject commits an offence.
He or she is liable, on conviction, to a fine not exceeding Sh20,000 or to a term of imprisonment not exceeding six months, or to both fine and imprisonment according to the data protection act.