Just over a year after the enactment of the Data Protection Act, 2019 (the DPA)  Ms. Immaculate Kassait, the former Director of Voter Education, Partnerships and Communications at the Independent Electoral and Boundaries Commission was recently appointed as the first Data Commissioner of Kenya (the Data Commissioner)  by President Uhuru Kenyatta.

27 November 20

The Data Commissioner will head the Office of the Data Protection Commissioner in Kenya, which will oversee the implementation of the DPA and ensure compliance by data processors and data controllers with their obligations under the act. It is expected that, in consultation with the Cabinet Secretary, the Data Commissioner will establish directorates necessary for carrying out the functions of the Office.

It is anticipated that the Data Commissioner will prescribe thresholds required for the mandatory registration of data controllers and data processors. The Data Commissioner will then maintain the register and issue a certificate of registration to the successful applicants who will have met the requirements laid down in the DPA. Furthermore, in consultation with the Cabinet Secretary, the Data Commissioner will prescribe practice guidelines for the commercial use of personal data.

The appointment of the Data Commissioner is an important milestone along the path to properly and fully implement the provisions of the DPA given its relevance to all persons and organisations (both national and international) who in one way or another process personal data while ordinarily resident in Kenya or relating to natural persons within Kenya. For those who fail to comply, the DPA will attract a fine of up to KES 3 million (approx. USD 30,000) or imprisonment of up to 10 years, or both.

Catch up with the key provisions and requirements of the DPA in a comprehensive article which can be read here.

Should you have any queries, clarifications or need any advice with respect to data protection, please do not hesitate to contact  Sonal Tejpar or Anne Kiunuhe.