MOMBASA, Kenya 20th March – The Office of the Data Protection Commissioner has urged the Office of the Auditor General (OAG) to incorporate a data protection compliance checklist into its financial and performance audits to strengthen oversight of data governance in public institutions.
These recommendations were made by the Data Commissioner Immaculate Kassait during the Annual Planning Conference for the Auditor General, which brought together senior officers from the OAG team.
“Basic checks, such as verifying whether a public entity has registered with the ODPC, are essential for ensuring that public agencies begin their journey toward lawful data processing, implementing security measures, and upholding data subject rights,” she stated.
In her proposals, she emphasized the importance of the OAG recommending corrective actions when non-compliance is identified, particularly by flagging risks related to weak data governance practices.
“The OAG can complement and emphasize the role of the ODPC by advocating for budgetary allocations for public entities to implement data protection measures, such as recruiting data protection professionals and building staff capacity on data protection,” she further recommended.
She noted that the impact of such measures would compel institutions to prioritize data protection as part of their compliance culture, thereby reducing the risks of data breaches.
The Data Commissioner reaffirmed the ODPC’s commitment to collaborating with the OAG to ensure that all government departments and agencies comply with the Data Protection Act, at a minimum by meeting the Data Handler registration requirements.
“With your support, we can identify risks and recommend mitigation strategies for data mismanagement, as well as advocate for budgets to implement Data Privacy and Protection Programs that enhance understanding of data protection compliance within the public sector,” she added.
