Editorials

Ease data compliance burden on saccos, SMEs

kassait

Data Protection Commissioner Immaculate Kassait. FILE PHOTO | NMG

With the enactment of the Data Protection Act in 2019, organisations -- big or small – are expected to, among other things, register as data processors or controllers and instal technology to prevent theft of personal information.

But a report released last week by the consultancy firm EY Kenya shows low levels of compliance among non-governmental organisations, small and medium enterprises (SMEs) and savings and credit cooperative societies (saccos).

The listing of saccos among the laggards will especially raise concerns among the millions of Kenyans who have entrusted the entities with their savings.

Data from the latest Economic Survey show that saccos’ deposits rose to Sh540.5 billion in 2021 while they issued loans worth Sh523 billion.

The saccos also operate in a space that is increasing being targeted for cyber-attacks. Given the important role the saccos play in Kenya’s financial system and economy, there is need to urgently address the low compliance with data protection laws that leaves them vulnerable to data breaches.

Regulators could, for instance, explore ways to ease the burden on saccos struggling with the high cost of compliance.

In addition to installing expensive technology, an organisation needs to hire additional staff such as data protection officers and train employees.

The Data Commissioner’s office also needs to step up public awareness and stakeholder engagement to make more organisations, including SMEs and NGOs, understand their data protection obligations.