Data Protection Framework for Kenya.
Kenya’s data protection Framework.
In addressing the inadequate data protection laws, the Kenya government, through the Ministry of ICT, are in the process of formulating a Data protection Framework in order to secure the benefits of Kenya’s digital economy and mitigate ensuing harms. Through a gazette notice number 4367, the Ministry of ICT constituted a Taskforce to develop the Policy and Regulatory Framework for Privacy and Data Protection in Kenya by defining the requirements for the protection of Personal Data. (See ict.go.ke)
In line with the constitutional requirement to subject proposed Regulatory Framework for public consultation, they have invited the public to give comments on proposed policy and bill on or before 12th September 2018.
The above is to address the need to comply with EU’s General Data Protection Regulations.
What is the GDPR (General Data Protection Regulation)?
It is a regulation in EU law that standardizes data protection law for all individuals within the EU member states and the European Economic Area. The strict new rules are on processing and regulating all Personally Identifiable Information (PII). Companies that collect this data were to comply by 25th May 2018.
What type of privacy data does the GDPR protect?
When signing up for our services as a first time client, we ask for PII( Personally Identifiable Information) which helps to identify you as the owner of the particular service and also distinguish you and other users on our database. That is the kind of information that GDPR protects. This includes;
- Biometric data
- Sexual Orientation
- Health and genetic data
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Racial or ethnic data
- Political opinions
The impact on Africa’s business is majorly in regard to how we process client’s data that we collect, how we store it and most definitely how we protect it. A point to note is that collecting and storing of personal data should be done when there’s consent.
What should you do then? As discussions on adapting to the laws continue, one of the best advise shared out has been; Collect only what is extremely necessary, store it for only as long as you need to, and store it properly and securely. It is important that you go through the data processing principles you will need to comply with.
Is GDPR only an EU concern? Do the laws affect Kenya and Africa at large?
It goes without saying that any business offering goods and services to people in EU countries, that require data processing is already affected. With the global increase in the number of countries aligning their data protection frameworks to that of EU, businesses in those countries will have to adapt to the new standards. As mentioned earlier, the Kenyan government is already formulating a data protection framework.
African countries will be required to comply with the GDPR to protect their export industries. It’s inevitable for African countries to comply, as it not only poses risk to the African Economy due to enormous exports to EU countries but also our lack of existing data protection framework for Africa, leaves us with no alternative.
It is, therefore, inherently key for all Kenyan citizens to participate in giving comments on the proposed framework before the said date. And more importantly, try to get an understanding of the GDPR compliance. GDPR compliance is a step for African countries to foster a significant relationship with EU and create strategic partnerships.