What We Do

Mandate of the Office

The mandate of the Office of the Data Protection Commissioner derived from the Data Protection Act 2019 and includes;

  • Regulate the processing of personal data;
  • Ensure that the processing of personal data of a data subject is guided by the principles set out in section 25 of the Act;
  • Protect the privacy of individuals;
  • Establish the legal and institutional mechanism to protect personal data; and
  • Provide data subjects with rights and remedies to protect their personal data from processing that is not in accordance with the Act

Our Functions

The Data Protection Act spells out the functions to be carried out by the Office of The Data Protection Commissioner.

These include;

  1. Oversee the implementation of and be responsible for the enforcement of this Act;
  2. Establish and maintain a register of data controllers and data processors;
  3. Exercise oversight on data processing operations, either of own motion or at the request of a data subject, and verify whether the processing of data is done in accordance with this Act;
  4. Promote self-regulation among data controllers and data processors;
  5. Conduct an assessment, on its own initiative of a public or private body, or at the request of a private or public body for the purpose of ascertaining whether information is processed according to the provisions of this Act or any other relevant law;
  6. Receive and investigate any complaint by any person on infringements of the rights under this Act;
  7. Take such measures as may be necessary to bring the provisions of this Act to the knowledge of the general public;
  8. Carry out inspections of public and private entities with a view to evaluating the processing of personal data;
  9. Promote international cooperation in matters relating to data protection and ensure country’s compliance on data protection obligations under international conventions and agreements;
  10. Undertake research on developments in data processing of personal data and ensure that there is no significant risk or adverse effect of any developments on the privacy of individuals; and
  11. Perform such other functions as may be prescribed by any other law or as necessary for the promotion of object of this Act.
NADPA-RAPDP AGM & Conference

NADPA-RAPDP Annual Conference