The Office of the Data Commissioner has urged government regulators, the private sector, and civil society organisations to register as data controllers and data processors.
ODPC has targeted regulators, membership bodies and associations in the latest drive to certify data controllers and data processors in Kenya.
Recommended articles
Speaking on Monday, Data Commissioner Immaculate Kassait noted that registration of these organisations will help in dealing with some emerging trends in data protection.
"But as we embrace this digital age, we are also seeing trends that raise concerns. Data breaches, identity theft, unauthorised sharing of personal data, and intrusive surveillance are becoming more prevalent, not just globally, but here at home. This is why the protection of personal data is not only a regulatory requirement but a moral imperative," the Data Commissioner stated.
She further emphasised that the registration of regulatory bodies is also a legal requirement that applies across various sectors in the country.
"Registration is not merely a formality; it is a legal obligation that ensures transparency and accountability. It allows us to identify and track entities processing personal data, assess their compliance with the law, and intervene when necessary to protect individuals' data rights.
"As regulators, membership bodies and associations in your respective sectors, you play an instrumental role in ensuring that the entities you oversee adhere to the law," Kassait stated.
Why regulators need to register as data processors and data controllers
Deputy Data Commissioner for Compliance, Rose Mosero, elaborated that regulators need to ensure that their organisations as well as other entities they deal with need to seek certification to facilitate compliance with Data Protection laws.
She outlined that regulated entities, suppliers, service providers, consultants, public relations firms and ICT providers are required to be registered as controllers and processors.
Mosero added that registered regulators and membership bodies can encourage compliance with the law during new membership or accreditation, mobilising currently registered members, during membership renewal and when enlisting services from third parties.
A data controller is a person or entity that collects and determines how personal data will be used. Data processors are entities that carry out the processing of data on behalf of a data controller.
The meeting was attended by various government regulators including the Central Bank of Kenya, National Transport & Safety Authority, National Construction Authority, EPRA, Capital Markets Authority and others.
Various other associations were also in attendance including the Matatu Owners Association, Pub & Restaurant Owners Association, and the Kenya Association of Manufacturers.