Private sector players are among 1,660 entities which have so far applied for registration as either Data Controllers or Data Processors in line with the provisions of the Data Protection Act, 2019. The registration being undertaken by the Office of the Data Protection Commissioner began on June 14, 2022.
The ODPC disclosed in a new statement that as of September 2, 2022, the office had issued 332 entities with certificates of registration while 805 others were yet to make payment in order to complete with the application process. Another 459 entities are still in the registration stage while the 64 more entities are under review.
The Certificate of Registration is valid for 24 months, unless it is cancelled by the Data Commissioner.
Hospitality firms, telcos, bettíng companies, educatíon providers, health administrators and financial services are among various entities legally required to register as either data controllers and processors. Fees range from between Ksh4,000 and Ksh16,000 depending on the size and type of the entity as well as the type of registration.
“I urge all data controllers and processors to get registered in compliance with the regulations which seek to protect the right of individuals and facilitate the realization of a thriving digital economy which relies on data for innovation and growth,” stated Data Commissioner, Immaculate Kassait.
Data controllers or data processors with annual turnover below five million shillings and less than ten employees are exempt from the mandatory registration under the registration regulations. However, organisations processing personal data for various purposes must register even if their annual turnover is below five million shillings and they employ less than ten people. They include firms operating credit bureaus, gamblíng operators, faith based or religious institutions, internet service providers, hospitality industry firms, insurance administrators and transport services including ride-hailing applications among several others.
The registration is intended to help protect the right to privacy as envisioned in the Data Protection Act by ensuring data controllers and data processors comply with regulations. This helps protect sensitive data from falling into the wrong hands.
Consumers of various goods and services today are demanding protection of their personal data more than ever, piling pressure on regulators and tech giants among other stakeholders. Personal data could include a person’s full name, identity card number, date of birth, gender, physical and postal address, phone number, location data or an online identifier. It could also be biometric data, genetic data, photos, audio or video recordings.
READ NEXT>>Inside Ruto’s Ksh200 Million Swearing-in