Watchdog certifies 1,400 entities as data handlers


Data Protection Commissioner, Immaculate Kassait. FILE PHOTO | JEFF ANGOTE | NMG

The Office of the Data Protection Commissioner (ODPC) has issued compliance certificates to 1,417 entities that have registered as data processors and controllers, up from 332 that had been issued as of September 2 last year.

Data Protection Commissioner Immaculate Kassait who spoke on Friday at the launch of the Data Protection Registration System said the certificates would be renewable after every two years.

β€œThe new registration system will be able to display the entire process of registration and everything will be completed online. So you go to the website, you apply for registration, we verify your documents and we issue a digital certificate renewable after two years,” she said.

The registration commenced on July 14 last year following the enactment of a new set of regulations by Parliament in March requiring all entities handling the personal information of individuals in Kenya to register as data controllers or processors.

The laws include the data protection (General) regulations 2021, the Data Protection (Complaints Handling and Enforcement Procedures) Regulations, 2021, and the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021.

Companies that breach the rules face fines of not more than Sh5 million or up to one per cent of their annual turnover.

They came into force on the backdrop of increased complaints about the lack of data protection laws and abuse of personal information, especially by digital lenders, political parties and human resource departments.

Some of the entities targeted include telecommunications firms, digital ride-hailing service providers, building managers and businesses operating CCTV, dispensaries, and primary and secondary schools.

Renewable after every two years, the registration costs a range of between Sh4,000 and Sh40,000 with ODPC saying the applications received so far vary from government agencies, private organisations, non-profit entities and religious institutions among others.

The Data Commissioner had marked 13 sectors for mandatory registration including processors of genetic data like medical research companies and medical labs, bars, restaurants and healthcare providers.

Others on the list were law firms, property managers, real estate agencies, and financial service providers such as digital lenders, Saccos and mobile money agents.

Organisations that have an annual turnover of less than Sh5 million or less than 10 employees were exempted from registration.

ODPC lists on its website companies that have complied and have been granted the registration certificate.

PAYE Tax Calculator

Note: The results are not exact but very close to the actual.