Fintech credit provider Tala has been approved by the Office of Data Protection Commissioner (ODPC) to process customers' data as well as share with third parties.
On 14 July 2022, ODPC had invited firms to submit applications in order to be allowed to process customer data in accordance with the 2019 Data Protection Act.
Under the Act, firms handling Kenyans' data are required to register as Data Controllers or Processors to be allowed to use or share clients' data.
“This is a great milestone for our company, especially as we diversify our product portfolio and expand across markets. I would like to emphasize that at the core of Tala’s consumer data protection policies are the safeguards, security measures and mechanisms we have implemented to protect personal data, so that we are able to swiftly react to any potential data breach,
“It is also important that we inform our consumers that they have the right to request for access to, clarification, restriction, rectification, or deletion of their personal data from our records, and our Customer Experience Team is committed to responding to such requests promptly, and within the timelines provided for by the Data Protection Act,” Tala’s General Manager Munyi Nthigah said.
ODPC has received 1,660 applications from companies seeking to register as data controllers or processors.
Applications came from government agencies, non-profit entities, private organizations, religious institutions, among others.
As of 2 September 2022, the office had issued 332 entities with certificates of registration while 805 others were yet to make payments to proceed with the application process.
Another 459 entities are still in the registration stage while the registration of 64 other entities are under review.
“The registration requirements are subject to the annual turnover and number of employees of an entity with an exemption of certain entities which must register regardless of these requirements,” the ODPC said in a statement.
