Kara in partnership with Safaricom hosted a Webinar on Data Protection on May 19th, 2022.

The theme of discussion was “Understanding Implications of Data Protection Act in regards to Telecommunication Services in Kenya.” Speakers who addressed the Webinar were Ms. Fiona Makaka, Senior Manager, Customer Data Privacy, Safaricom PLC; Ms. Agnes Okello, Senior Manager, Public Policy, Safaricom PLC; Ms. Catherine Kariuki, Partner, Telecommunication, Digital Media & Technology, Triple OK Law and Ms. Rahab Juma, Legal Officer, Office of the Data Protection Commissioner.

Speaking at the forum Ms. Fiona Makaka stated that Safaricom has put in place key controls (operational & technical) to enhance data protection and to ensure compliance with the provisions of the Data Protection Act 2019. This include: incidence response mechanisms; risk management & compliance; privacy statements for employees, investors, suppliers, customers advising how to report breaches across all digital channels; liaising with the Office of Data Protection Commissioner  to conduct customer awareness on data protection; Strong Cyber Security Ecosystem; and establishment of data management committee.

Ms. Rahab Juma stated that The Constitution of Kenya, 2010 guarantees the right to privacy as a fundamental right. She noted that Article 31 of the constitution states “ every person has the right to privacy, which includes the right not to have their person, home or property searched; their possession seized; information relating to their family or private affair unnecessary required or revealed or the privacy of their communications infringed.”  She added that The Office of the Data Protection Commissioner is an office established by section 5 (i) of the Data Protection Act, 2019. It is designed as a State Office in accordance with Article 260 (q) of the Constitution. She explained that the Data Commissioner has the mandate to carry out investigations, facilitate alternative dispute resolution under the Act, summon witnesses and impose administrative fines for non-compliance. The Data Commissioner also has authority to issue an enforcement notice to any party that refuses or is refusing to comply with the provisions of the Act.

Ms. Catherine Kariuki stated that the Data Protection Act provides certain principles for processing personal data. She noted that the implication of this provision is that entities will be forced to undertake a data mapping exercise to establish the amounts and classification of data they collect and store in their systems or manually.

Click here following link to access the discussions: