Nakuru County Gov’t to support implementation of Data Protection Act

4 Min Read
Yusuf Momanyi, an officer with the Office of the Data Protection Commissioner makes a presentation during a public awareness workshop organized by the organization at a Nakuru hotel, Tuesday. Photo by Ngugi Bernard

Nakuru County Government intends to have all their contracted and aspiring suppliers registered with the Office of the Data Protection Commissioner (ODPC) as part of the enforcement of the Data Protection Act among the contractors.

The Act, which was enacted in 2019 requires any organization that handles Personal Data to be registered with ODPC as a commitment to protect information in their possession regarding individuals they interact with as clients or partners in business.

According to the Act, one can be fined up to Ksh 5 million for causing a breach of Personal Data in one’s possession. Protection of Personal Data in Kenya is a constitutional right that is guaranteed under the right to privacy.

Personal Data is any information about an individual that can be used to identify the person and it includes one’s national identity card, health status, telephone number, biometric data, ethnicity, birth certificate, location, and marital status.

ODPC categorizes personal data handlers into two: Data Controllers and Data Processors, with the former defined as individuals or lawful organizations that collect information on an individual for service delivery purposes and therefore, they determine the use of the records, while the latter gather the information on behalf of the users.

Data Controllers include health facilities, financial and learning institutions, as well as hotels while Data Processors comprise bank and mobile service provider agents and security personnel at entrances to buildings.

To ensure Data Controllers and Data Processors secure the Personal Data they collect, the Act requires they be registered with ODPC, which is charged with regulating the use of the data and protecting the data subjects against breaches of their records.

Speaking when opening a public awareness workshop organized by ODPC at a Nakuru hotel, area Deputy Governor David Kones said the County Government was committed to the protection of Personal Data as spelled out in the Act and was ready to comply with the same.

“As a County Government, we must commit ourselves to respect the Data Protection Act, 2019,” said Kones, adding the administration had a lawful basis to collect Personal Data for service delivery and as a result, various departments held a lot of information on individuals.

He said consequently, the County Government was bound to put in place safeguards to protect the data in compliance with the Act.

Yusuf Momanyi, an officer with ODPC and who represented the Data Protection Commissioner, Immaculate Kassait during the one-day workshop, commended Nakuru County Government for their readiness to collaborate with the Office in Personal Data protection and commitment to cascade the same to their contracted and aspiring suppliers.

Urging participants to guard any second party Personal Data in their possession against breach, Momanyi reminded them abuse of such information could attract heavy fines if victims launched complaints with ODPC and it was confirmed to be true.

Breach refers to accidental or unlawful destruction, loss, or alteration of Personal Data due to insecurity. It also includes disclosure, access, transmission, storage, or processing of an individual’s records without the subject’s authority.

The Tuesday Nakuru workshop is part of a series of public sensitization campaigns ODPC is holding in all counties under an arrangement the organization calls County Awareness Outreach Program, to educate the public on the need to protect personal data as well as the mandate and role of the organization.

Share This Article