In 2019, Kenya signed into law its Data Protection Act making the count of countries in Africa to have in place a law that protected citizens against data violations 27 according to UNCTAD. Having being in discussion for a number of years, the data protection act was widely discussed and compared to the General data protection Regulation (GDPR) that came into effect on 25 May 2018. It is said that the GDPR set the grounds for most data protection laws across the globe.
The Cabinet Secretary ICT in Kenya CS Joseph Mucheru announced there shall soon be a Data Protection Commissioner and as of 23rd June 2020, a list of candidates was gazetted as below;
|1||John Walubengo Nyongesa, OGW||Male|
|2||Thomas Oganga Odhiambo||Male|
|3||Immaculate Kassait, MBS||Female|
|4||Prof. David Gichoya||Male|
|5||Brian Gichana Omwenga||Male|
|6||Anthony Akelo Okulo||Male|
|7||Dr. Kennedy Okong’o (PhD)||Male|
|8||Murshid Abdalla Mohamed||Male|
|9||Mercy Kiiru Wanjau||Female|
|10||Dr. Mwalili Tobias Mbithi||Male|
Duties and Responsibilities The Functions of the Office of the Data Commissioner are provided in Section 8(1) of the Data Protection Act and shall include:
- Overseeing implementation of and being responsible for enforcement of the Data Protection Act.
- Establishing and maintaining a register of data controllers and data processors
- Exercising oversight on data processing operations and verify whether the processing of data is done in accordance with this Act.
- Promoting self-regulation among data controllers and data processors.
- conducting assessment for the purpose of ascertaining whether information is processed according to the provisions of the Act or any other relevant law.
- receiving and investigating any complaint by any person on infringements of the rights under the Act.
- taking such measures as may be necessary to bring the provisions of the Act to the knowledge of the general public.
- carrying out inspections of public and private entities with a view to evaluating the processing of personal data.
- promoting international cooperation in matters relating to data protection and ensure country’s compliance on data protection obligations under international conventions and agreements.
- undertaking research on developments in data processing of personal data and ensuring that there is no significant risk or adverse effect of any developments on the privacy of individuals.
- performing such other functions as may be prescribed by any other law or as necessary for the promotion of object of the Act.
Kenya setting a path to having a Data Protection Commissioner sets a good precedence for organizations to also do the same. The Data Protection Act 2019 mandated organizations to have positions of DPOs, and with the highest office having set the standards, the rest can easily follow in.
Data being the new ‘oil’ on the Internet space and growing by the second, organizations are meant to protect the data from access by cyber criminals maintaining its Confidentiality, Availability & Integrity (CIA Triad). This can be achieved by implementing different solutions, but with the onset of having a DPO (Data Protection Officer), the organizations will more assured that the data is more secure as there is an oversight department in the organization.
May the best candidate win.