In our previous article in this series, here, we broadly highlighted some of the procedural obligations on data controllers and data processors introduced by the Data Protection (General) Regulations 2021.


21 February 22

In this article, we focus on one of the major obligations – registration with the Office of the Data Protection Commissioner (ODPC). From July 2022, your organisation may have to register with the ODPC. Approximately 2 years after the enactment of the Data Protection Act (the DPA), the Cabinet Secretary for Information Communication and Technology, Innovation and Youth Affairs (the CS) has issued the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021 (the Registration Regulations). These Registration Regulations give much needed guidance on the requirements you must meet to register as either a data processor or a data controller.

We briefly set out the key things you should know in this article.

Should you have any questions on this legal alert, or need any advice in relation to the Data Protection Regulations, please do not hesitate to reach out to Sonal Tejpar, Anne Kiunuhe or Wangui Kaniaru.


1. Charlotte Patrick-Patel – Senior Associate
2. Jade Makory – Associate
3. Abdulmalik Sugow – Trainee Lawyer
4. Abdullahi Ali – Trainee Lawyer
5. Olivia Njoroge – Trainee Lawyer

The content of this alert is intended to be of general use only and should not be relied upon without seeking specific legal advice on any matter.