Data Commissioner Immaculate Kassait, Kenya’s first data commissioner, called for partnerships to collectively navigate the challenges posed by the collection of data in line with digital disruption across the world.
The Office of the Data Protection Commissioner (ODPC) is eyeing government regulators, the private sector, and civil society organisations as it seeks to increase its portfolio of data controllers and data processors.
It did so by hosting a meeting at Muthu Silver Springs Hotel, Nairobi, which brought together various government regulators including the Central Bank of Kenya, National Transport & Safety Authority, National Construction Authority, Energy and Petroleum Regulatory Authority (EPRA), Media Council of Kenya (MCK) and Capital Markets Authority among others.
The invite was extended to the Matatu Owners Association, Pub & Restaurant Owners Association, and the Kenya Association of Manufacturers (KAM) in ODPC’s bid to tap into the informal sector in terms of spreading the gospel regarding data compliance.
Data Commissioner Immaculate Kassait, Kenya’s first data commissioner, called for partnerships to collectively navigate the challenges posed by the collection of data in line with digital disruption across the world.
Data Commissioner Immaculate Kassait during a meeting on September 9, 2024. /PHOTO
“We are gathered here today because we recognize that no single entity can tackle the challenges of data protection alone. Whether we represent the government, the private sector, or civil society, we each have a role to play in this ecosystem. That is why partnerships like the ones we are celebrating today are essential,” she addressed.
“Data protection is intrinsically linked to human rights. When we fail to protect personal data, we risk infringing on the right to privacy, freedom of expression, and in some cases, even the right to security.”
Kassait warned that the misuse of data can lead to discrimination, exclusion, and a loss of trust in institutions, thus the need for concerted efforts across sectors cannot be overstated.
In preaching the value of partnerships, Kassait noted that this will help the ODPC build a culture of responsibility around data usage, stressing that “We need to educate individuals, businesses and entities that we accredit or register on the importance of data privacy and empower them to adopt secure and ethical data practices. Encourage them to comply with the various provisions of the Data Protection Act.”
Taking them through the steps of compliance, she called on the stakeholders to register with ODPC, though noting that this was not merely a formality but a legal obligation ensuring transparency and accountability.
Registration would allow ODPC to identify and track entities processing personal data, assess their compliance with the law, and intervene when necessary to protect individuals’ data rights. “For this reason, we are placing strong emphasis on registration compliance as a critical component of data protection in Kenya,” she added.
“As regulators, membership bodies and associations in your respective sectors, you play an instrumental role in ensuring that the entities you oversee adhere to the law. These entities are often the primary processors of personal data in Kenya, making you critical partners in our efforts to enforce compliance.”
In today’s world, data is the new currency, which is generated in vast amounts daily, through mobile devices, social media, e-commerce, and even our interactions with public and private institutions.
In Kenya, the digital revolution has brought with it immense benefits, driving economic growth, innovation, and improving service delivery. However, this has also introduced risks and challenges that, according to Kassait, must be addressed.
“But as we embrace this digital age, we are also seeing trends that raise concerns. Data breaches, identity theft, unauthorized sharing of personal data, and intrusive surveillance are becoming more prevalent, not just globally, but here at home.
“This is why the protection of personal data is not only a regulatory requirement but a moral imperative. By ensuring robust data protection, we safeguard not just individual privacy, but also foster trust in our systems and institutions,” she added.
Deputy Data Commissioner for Compliance, Rose Mosero, elaborated that regulators need to ensure that their organisations as well as other entities they deal with need to seek certification to facilitate compliance with Data Protection laws.
She outlined that regulated entities, suppliers, service providers, consultants, public relations firms and ICT providers are required to be registered as controllers and processors.
