Kenya’s Data Protection Act (the “DPA”) entered into force on 25 November 2019.
The DPA gives effect to the provisions of Article 31 of Kenya's Constitution which provide for the fundamental right to privacy. The DPA is largely modelled on European Union’s GDPR.
We wish to update you on recent developments in relation to the DPA and on issues relating to data protection in Kenya generally as follows:
Given all these recent developments, we recommend that data controllers and data processors take immediate steps to ensure compliance with the DPA including undertaking audits on how they process personal data, putting in place data privacy policies, data privacy notices, data transfer/sharing agreements and data storage policies and reviewing/inserting data protection clauses in standard form contracts.
heading