NAIROBI, Kenya November 19 – The Office of the Data Protection Commissioner (ODPC) marked five years of the Data Protection Act with a half-day conference organized in partnership with Amnesty International. The event brought together key industry stakeholders and partner institutions to reflect on the five years of Kenya’s Data Protection Act.
Key discussions focused on achievements, strengthened governance and accountability, challenges, enforcement, compliance, public awareness opportunities, and adapting to emerging technology and privacy trends. The event was officiated by the Principal Secretary of the State Department of ICT and Digital Economy, who was represented by Bernard Rotich, the Director ICT Systems Audit & Control at the Ministry.
In his remarks, he highlighted that the existence of the ODPC has empowered data subjects with rights to access, rectify, and object to the processing of their information. He noted that the ODPC has enhanced regulatory capacity by establishing robust mechanisms to ensure compliance with the law, offering recourse to data subjects while holding data processors accountable.
“Businesses and institutions across sectors are adopting best practices in data governance, fostering trust among consumers and partners both locally and internationally. The ODPC has been at the forefront of actualizing the vision of data governance by building trust, empowering citizens, and fostering a secure digital economy,” he said in his speech, read by Rotich.
“As a government, we are committed to providing the necessary support to the ODPC and all stakeholders involved. We will continue to invest in capacity-building, promote compliance, and strengthen the legislative framework to address emerging challenges,” the PS assured.
In her remarks, Data Commissioner Immaculate Kassait reflected on the journey of the Data Protection Act, reminiscing about key moments and defining points that propelled the ODPC in its functions.
“When we embarked on this journey, I was told that if a law isn’t tested within its first two years, it won’t survive. Yet here we are, proof of what passion and collective effort can achieve, even through volunteering. Many of us entered uncharted territory, questioning if we could rise to the challenge. Today, this room stands as a testament to your commitment. Let’s take pride in our progress and keep building a brighter future,” she highlighted.
In the second part of the event, two panel discussions were conducted. The first topic, “Reflecting on Five Years of Data Protection,” focused on achievements and lessons learned. This session highlighted milestones in the implementation of the Data Protection Act, 2019, touching on its impact on businesses, government, and civil society.
It featured the Data Commissioner, Grace Bomu (Secretary, Data Governance and Privacy Society of Kenya), Rosemary Koech (Head of Data Protection, KCB Bank Group), and Tevin Gitonga (Head of Data Governance, GIZ Kenya).
The second panel, “The Future of Data Protection: Opportunities and Challenges,” provided insights on the future of data governance, focusing on addressing regulatory gaps, leveraging emerging technologies, and discussing proposals for reform.
The speakers included John Walubengo (Chair, Data Governance Working Group, Ministry of ICT Sector Working Group/Deputy Data Commissioner, ODPC), Rose Mosero (Deputy Data Commissioner, ODPC), Dr. Josephine Mwanzia (Senior Principal Lecturer at Kenya School of Government), Victor Kapiyo of KICTANet, and Joe Githaiga (Partner, Spencer West LLP).
The Data Commissioner further highlighted that the ODPC has achieved key accomplishments, including registering 7,223 data handlers, reviewing 138 Data Protection Impact Assessments (DPIAs), issuing 192 advisories, and conducting 58 audits and inspections.
Additionally, the Office has received complaints, issued 68 determinations, 68 enforcement notices, 11 penalty notices, and resolved 21 cases under the Alternative Dispute Resolution (ADR) framework.