Nairobi, February 24, 2021: The office of the Data Protection Commissioner (ODPC) launched its 100 days’ status report since its establishment highlighting key achievements towards safeguarding data privacy rights.
In its 100 days the Office launched six products including two guidelines, one manual and service charter. The other two product are operational interactive website and social media platforms as we all the Office’s brand identity.
The 100 days’ achievement is based on a one-year operational plan with 12 priority areas that fall broadly into four categories namely establishment of internal structures, development of operational framework including general regulations, awareness creation and stakeholder consultation as well as promoting international co-operation.
Speaking at the launch of the status update, the Data Commissioner Immaculate Kassait said, “The Data Protection Act 2019 provides a framework to place Kenya in the global and regional map as the Silicon Savannah. We have an opportunity to take back control of our data privacy. The time has come to ask; why do you need the personal information and what will it be used for?”
The six products are (i) Draft Guidelines on Obtaining Consent from Data Subjects, (ii) Draft Manual on Complaints, (iii) Draft Citizen Service Charter (iv) Draft Guidelines on conducting data impact assessment (v) Operational interactive website and social media platforms in place, and (vi) Brand Identity.
While launching the milestones, the Cabinet Secretary, Ministry of ICT, Innovation & Youth Affairs, Hon. Joe Mucheru recognized the importance of safeguarding data privacy and guaranteed maximum support.
“My Ministry recognizes the importance of the Office of the Data Protection Commissioner and will continue to walk the journey with the Data Commissioner even past these 100 days and ensure our full support,” said the CS Joe Mucheru.
About Office of the Data Protection Commissioner
The Office of the Data Protection Commissioner is a regulatory office, established pursuant to the Data Protection Act, 2019 with a mandate of regulating the processing of personal data; ensuring that the processing of personal data of a data subject is guided by the principles set out in Section 25 of the Act; protecting the privacy of individuals; establishing the legal and institutional mechanism to protect personal data and providing data subjects with rights and remedies to protect their personal data from processing that is not in accordance with the Act. The first Data Protection Commissioner was appointed in November 16, 2020.
FACT SHEETON 100 DAYS STATUS UPDATE
Citizen Service Charter
The Charter identifies the core services that the Office of the Data Protection Commissioner offers and sets out standards that the Office commit in serving the customers. This Charter has been developed with an objective of defining who Office of the Data Protection Commissioner are, the customers, services offered and standards of delivering these services. Further, the Charter sets out the service standards and outlines the rights and obligations of the customers.
Specifically, Service Charter aims to;
Enhance our Customers’ awareness on the services the office provides;
Inform our Customers the standards of services they should expect from the office;
Outline Customers’ rights and responsibilities;
explain our rights and responsibilities as service provider; and
Describe how our Customers can lodge complaints and make suggestions about our service delivery.
Complaints Management Manual
The Complaints Management Manual gives details of how complaints will be received and handles by the Office of the Data Commissioner. The Manual provides for what information is required to be provided by a person making a complain, and attaches a complaints form, how to make a complaint and how a complaint is processed through the Office.
Guidance Note on Consent
The Data Protection Act provides for consent from an individual as the key lawful basis for which Organisations can rely on to collect and process an individual’s personal information. The Data Protection Act states that processing should be subject to an individual’s consents to the collection and processing for one or more specified purposes. Further, the Act makes provision for when consent should be obtained from data subjects.
The Guidelines were developed to assist organisations understand their obligations under the Act and understand and appreciate their obligations as relates to obtaining Consent and to give practical guidance.
Guidance Note on Data Protection Impact Assessment
The Data Protection Act 2019 requires entities collecting personal information of individuals to undertake a Data Protection Impact Assessment and submit to the Office of the Data Protection Commissioner, in the event that the processing of the information presents a high risk to the individual.
These guidelines were developed to assist organisations understand their obligations under the Act and appreciate the need to undertake a Data Protection Impact Assessment. The Guidance note provides practical guidance to organisation is so far as when Data Protection Impact Assessment is to be carried out and submitted to the Office pursuant to the provisions of the Act and what details need to be included in the Assessment.