OFFICE OF THE DATA PROTECTION COMMISSIONER KENYA

Directorates

 

This Directorate is responsible for the following functions: –
(i) Registration of the of data controllers and data processors in compliance with Part III of the Data Protection Act, 2019;
(ii) Certification of all data controllers and data processors in accordance with Part III of the Data Protection Act, 2019;
(iii) Maintenance of a register of data controllers and data processors;
(iv) Provide oversight on data processing operations in the country;
(v) Verify processing of data in accordance with the Data Protection Act, 2019;
(vi) Conduct periodic audits of the processes and systems of the data controllers and data processors to ensure compliance;
(vii) Coordinate data protection impact assessments in Kenya;
(viii) Carry out inspections of all public and private entities on processing of personal data in the country;
(ix) Review and approve data protection impact assessments in accordance with Section 31 of the Data Protection Act 2019;
(x) Ensure compliance with the Data Protection Act in relation to transfer of personal data outside Kenya; and
(xi) Determine the administrative deterrent fines to be imposed on operators who fail to comply with the Data Protection Act.

Directorate Of Complaints, Investigations and Enforcements

This Directorate is tasked with the following responsibilities and functions: –

(i) Receive complaints by any person on possible infringement of the rights under the Data Protection Act;
(ii) Develop, implement and review policies, strategies, and guidelines on handling complaints and investigations;
(iii) Conduct investigations on the basis of a complaint made by a data subject or a third party;
(iv) Issue summons to a witness for purposes of investigating infringement;
(v) Issue summons to any person required to provide explanations, information and assistance to directorate;
(vi) Implement administrative fines for failure to comply with the Data Protection Act;

Directorate Of Research, Policy and Quality Assurance

The Directorate is responsible for the following functions: –
(i) To review and regularly update the regulations and guidelines set out under the Data Protection Act 2019;
(ii) Promote self-regulation among data controllers and data processors;
(iii) Undertake research on developments in processing of personal data and mitigate risk or adverse effects on the privacy of individuals;
(iv) Publicize the provisions of Data Protection Act;
(v) Promote international cooperation in matters relating to data protection;
(vi) Ensure the country’s compliance on data protection obligations under international conventions and agreements;
(vii) Promote collaboration with other bodies or organizations within and outside the country as appropriate in furtherance of the object and purpose of the Data Protection Act, 2019;
(viii) Coordinate the development of guidelines on codes of practice for the data controllers, data processors and data protection officers;
(ix) Coordinate the development of data protection registration and certification standards and data protection seals and marks.

Directorate Of Corporate Services

This directorate is composed of  the following divisions:

(i) Human Resource Management and Administration Division;
(ii) Finance & Accounts Division;
(iii) Information Communication Technology Division and
(iv) Corporate Communication Division.

Directorate of Data Protection Compliance

Skip to content