Survey finds that 41% of firms in Kenya transferred clients data

In a world where data is generated at an unprecedented rate, the importance of data protection and privacy has never been more crucial. In Kenya, the Data Protection Act of 2019 came into effect on the 25th of November, becoming the primary legislation governing data protection in the country. The act aims to safeguard the rights of individuals and ensure responsible handling of personal identifiable data by businesses and organizations operating within Kenya's borders. To delve deeper into the implications of this act, Robert Nyamu, a partner in technology consulting at Ernst & Young East Africa, sheds light on key insights from the 2021 Data Protection and Privacy Report during an interview with CNBC Africa. Nyamu emphasizes the significance of the act in upholding privacy rights and promoting ethical data processing practices. He highlights the need for awareness among Kenyan citizens and businesses regarding the new regulatory framework. Prior to the enactment of the legislation, individuals were exposed to various risks due to the lack of guidelines on data handling. The act, therefore, provides a much-needed structure to mitigate these risks and ensure data is handled responsibly. Nyamu acknowledges that a considerable number of firms were found to have shared client data without consent, indicating a gap in compliance. However, he stresses that the act covers all necessary grounds and introduces fines for non-compliance, enforced by the newly established Office of the Data Commissioner. Despite progress, Nyamu notes that many end-users remain unaware of their rights under the act, emphasizing the need for extensive civic education by both government bodies and responsible organizations. This education is crucial in empowering individuals to demand data protection and exercise their rights effectively. Nyamu also highlights the challenges posed by cross-border data transfers, emphasizing the importance of understanding the requirements and limitations of such transfers under the new regulatory framework. Ensuring compliance with international data transfer regulations is identified as a key issue that organizations need to address to navigate the globalized digital landscape effectively. Overall, the Data Protection Act of 2019 represents a significant step towards enhancing data security and privacy in Kenya, laying the groundwork for a more responsible and transparent data ecosystem. With continued awareness and enforcement, the act has the potential to shape a culture of data protection and accountability in the country.