OFFICE OF THE DATA PROTECTION COMMISSIONER KENYA

Phone
+254796954269
Flaticon-mail-2
info@odpc.go.ke
Clock
Mon - Fri: 8.00 am - 5.00 pm
Facebook-f Twitter Instagram Youtube Linkedin
Menu

WHAT WE DO

  1. The Data Protection Act spells out the functions to be carried out by the Office of The Data Protection Commissioner. These include;
  2. Overseeing the implementation of and being responsible for the enforcement of the Data Protection Act.
  3. Establishing and maintaining a register of data controllers and data processors.
  4. Exercising oversight on data processing operations, either of own motion or at the request of a data subject, and verifying whether the processing of data is done in accordance with the Act.
  5. Promoting self-regulation among data controllers and data processors.
  6. Conducting an assessment, on its own initiative of a public or private body, or at the request of a private or public body for the purpose of ascertaining whether the information is processed according to the provisions of the Act or any other relevant law.
  7. Receiving and investigating any complaint by any person on infringements of the rights under the Act.
  8. Taking such measures as may be necessary to bring the provisions of this Act to the knowledge of the general public.
  9. Carrying out inspections of public and private entities with a view to evaluating the processing of personal data.
  10. Promoting international cooperation in matters relating to data protection and ensuring the country’s compliance on data protection obligations under international conventions and agreements.
  11. Undertaking research on developments in data processing of personal data and ensure that there is no significant risk or adverse effect of any developments on the privacy of individuals.
  12. Conducting investigations on own initiative, or on the basis of a complaint made by a data subject or a third party.
  13. Facilitating conciliation, mediation, and negotiations on disputes arising from the Act.

Our Services

Our Esteemed customers should expect the following set of services from us;

INFORMATION

Response to request for information. 

You will submit an enquiry for information and the information will be availed to you in 3 working days. 

Timeline: 3 Working Days

REGISTRATION

Register Data Controllers and Data Processors.

You will be required to complete a registration form and pay stipulated registration fee.

You will also be registered and granted a license of operation valid for one year.

Timeline: 14 Working Days

COMPLAINS AND INVESTIGATION

Receive and investigate any complaint by any person on infringements of the rights under the Act. 

You will fill in a complainant form and a resolution will be communicated to you. 

Timeline: 90 Working Days

INTERNATIONAL COOPERATIONS

Establish international cooperation on data protection obligations under international conventions and agreements.

A concept paper will be required which will result in a signed contract.

Timeline: ANNUALLY

INSPECTIONS

Carry out inspections of public and private entities.

You will fill in an inspection form.

You will receive a certificate and an updated inspection report.

Timeline: MONTHLY

SELF REGULATIONS

Approval of data processing systems.

A system audit will be conducted and you will receive a systems audit report.  

Tmeline: MONTHLY

PAYMENTS

Suppliers will be required to submit applications and payments will be processed within 14 working days.

Timeline: 14 Working Days

FINES AND PENALTIES

Impose administrative fines for failures to comply with Data Protection Act 2019 and regulations.

An investigation report will be required and a demand notice will be issued within three days after the investigation is completed.

Timeline: 3 DAYS AFTER COMPLETION OF INVESTIGATIONS

PROCUREMENTS

To get a contract, you will get a letter of acceptance, offer letter, bid and approval. This takes 30 working days.

LPOs take 2 working days to get an approval after issuing a local purchase order

TIMELINE: 30 WORKING DAYS (CONTRACT) / 2 DAYS (LPO)

APPROVALS

Review and approve Data Impact Assessment Report.

Request a data impact assessment report.

You will receive an approved Impact assessment report. 

Timeline: 5 WORKING DAYS

PUBLIC AWARENESS

To conduct public awareness, you will need a concept paper and public awareness report.

You will have achieved a goal of making informed citizens.

Timeline: MONTHLY

RESEARCH

Carry out research.

A concept paper will be written and the output will be a research report that shall be produced quarterly.

Timeline: QUARTERLY

Skip to content