Kenya’s data breach fines: Are we staring at the end of spam emails?


Data Commissioner Immaculate Kassait. PHOTO | NMG

The Office of the Data Protection Commissioner (ODPC) recently issued two penalty notices (monetary penalties) of Sh5 million each to Whitepath Company Limited and Regus Kenya.

Whitepath was penalised for failing to comply with a written notice specifying what action should be taken to correct a breach.

Regus Kenya's penalty is based on non-cooperation, that is, failing to respond to notification of complaints alleging regular spamming with automated, inappropriate information despite efforts to stop it.

Spam is defined as any sort of unwanted and unsolicited digital communication distributed over email for commercial goals.

Many businesses use spam to send massive amounts of email on a regular basis because the cost per email is quite low.

As a result of the aforementioned ruling and the full implementation of the Data Protection Act, we might witness the end of one of the most vexing annoyances to people's Internet experiences: spam emails.

This is because of drastic changes to consent requirements.

The practice has been that when you sign up for anything, organisations frequently add a “contact me about future offers” option, which may be pre-ticked or hidden in small print, making it easy to give your consent without meaning to or even knowing that you have done so.

However, we are now staring at the disappearance of unwanted emails from legitimate organisations, as individuals need to take deliberate steps to agree to receive emails, and if they change their mind, they can unsubscribe.

Section 30 of the Act establishes the data protection concept of "lawfulness, fairness, and transparency." This implies that you can only use people's data if it is lawful to do so, if it is fair to the data subject, and if it is based on clear and unambiguous communication with the data subject (natural person).

And there are a number of lawful bases for you to process (collect, store, use, etc.) people’s data. The first is consent, which must be granted unequivocally and following a thorough explanation of what you intend to do with the data.

Consent must be: recorded; freely provided, precise, informed, and unambiguous; in clear and straightforward language; and data subjects must have the right to withdraw consent at any time with such withdrawal having no impact on the processing.
