Data Protection Complaints Handling Procedure and Enforcement Regulations, 2021

One such mechanism is a complaint to the Office of the Data Protection Commissioner (ODPC) in relation to the conduct of data controllers or data processors. In addition to receiving complaints, the ODPC may also initiate its own investigations into the conduct of data controllers and data processors.

In 2021, we witnessed the ODPC’s investigative and complaints handling functions being called into action in two separate instances. Despite these specific instances being handled within the framework of the DPA, there were no enabling regulations to give clarity on the various procedures involved in an investigation. This has since changed with the issuance of the Data Protection (Complaints Handling Procedure and Enforcement) Regulations, 2021 (the Complaints Regulations).

In part III of the series, we set out the key highlights of the Complaints Regulations, which have been issued to facilitate a fair and expeditious complaints mechanism administered by the ODPC. They further clarify the ODPC’s powers of investigation and enforcement and also for alternative dispute resolution. Click here to read the full article.

Should you have any questions on this legal alert, or need any advice in relation to the Data Protection Regulations, please do not hesitate to reach out to Sonal Tejpar, Anne Kiunuhe or Wangui Kaniaru.

_____________

Contributors

1. Charlotte Patrick-Patel – Senior Associate
2. Jade Makory – Associate
3. Abdulmalik Sugow – Trainee Lawyer
4. Abdullahi Ali – Trainee Lawyer
5. Olivia Njoroge – Trainee Lawyer

The content of this alert is intended to be of general use only and should not be relied upon without seeking specific legal advice on any matter.