Data Privacy and Protection for SMEs in Kenya
Category: Data Privacy
By: Stephen Jairo,
Introduction
Every year since 2007, various countries around the world come together to celebrate Data Privacy Day, observed on the 28th of January. For Kenya, this day commemoration, spearheaded by the Office of the Data Protection Commissioner, brings together Data controllers, industry players, consumers and businesses. The theme for the 2024 celebration is: ‘Fostering a Culture of Data Privacy 2024!’ It is important to note that the main aim of marking this day initially was to bring together businesses and users and raise their awareness of the importance of protecting their personal information on online platforms, i.e., on social sites. In the recent past however, this initiative has expanded to the promotion of events and activities geared towards encouraging development and compliance with data privacy laws and regulations through various multi-stakeholder engagement activities and approaches.
The Data Privacy Journey in Kenya
The Constitution of Kenya, 2010, guarantees the right to privacy as is set out in Article 31 (c & d). The clamour for privacy became apparent due to growing concerns about the unauthorised collection, use, and abuse of personal information by both government entities and private sector firms. This saw the government establish a Data Protection Taskforce in 2012, comprised of various stakeholders; – academia, civil society organizations, experts, and industry representatives. They were tasked with the development of a data privacy and protection framework for Kenya.
Consequently, the taskforce made recommendations which emphasized the need for legislation which takes into consideration individual rights on the one hand, but also leaves room for innovation and economic growth. Following this development, the Data Protection Bill was presented to Parliament in 2019, and passed into law in November of the same year, as the Data Protection Act. The Act provides for the establishment of the Office of Data Protection Commissioner (ODPC), mandated to oversee data protection in Kenya. This includes enforcing compliance, complaints handling, and imposing penalties for those found in breach.
Data Privacy& Protection for the SME Sector
According to the Act, individuals have the right to see the personal information that organizations hold about them and to ask that it be updated or deleted if needed. Additionally, the Act imposes an obligation on organizations to handle personal data responsibly, which includes getting consent from individuals, putting cybersecurity measures in place to protect against data theft or misuse, and also alerting people (especially those affected) when a data breach occurs.
One of the sectors of the Kenyan economy that heavily collects and collates data and information in their daily operation is the Small and Medium Enterprises (SMEs). Noting that it accounts for over 80 percent of total employment, whose data and information it possesses, it is therefore paramount that sector players put in place the necessary measures to ensure their consumer/customer information is protected from unauthorised access, use, and/or abuse.
The SME sector in Kenya has recently been faced with issues that hinge on the privacy of the data they have. In a policy brief titled ‘Combating Kleptocracy: State of Play in Kenya[1]”, one of the key issues that was identified is the need to “Dispel fears among the business community as to the safety of their information noting the protection by the Data Protection Act 2019.” This emanated from a diverse representation of SMEs who were sceptical as to whether to give their business information which they felt was sensitive, to the registering entity, in this case, the business registration service.
SMEs have immense and untapped potential that they can utilize to position themselves as strategic players in the dynamic landscape of the digital age. In line with challenges related to IT infrastructure and data storage, SMEs should undertake to understand how to securely store their data both locally and in other storage locations at their disposal. In addition, SMEs have not fully embraced policies that fully address privacy and security concerns, which is crucial to help in the accumulation and storage of information. This is exacerbated by the lack of adequate awareness of the provisions of the Data Protection Act, 2019, which the ODPC should embark on forthwith.
Many SMEs also do not have specific departments that are tasked with data management which may be due to budget constraints or lack of trained or expert personnel. It is important to note that the technology world is evolving, which requires SME’s to also shift gears to understand the magnitude and value of big data that they are holding, and how to leverage the same to their advantage, within the provisions of the Act.
Conclusion
As the world marks the Data Protection Day, it is noteworthy that Kenya has made a huge leap in terms of ensuring that the legal and institutional framework for data privacy and protection is in place. This, however, needs to be taken a notch higher in terms of roping in SME sector players, who not only have a massive dataset at their disposal, but also employ many individuals from whom they collect massive information. There is the need to ensure a balance is created between fostering of innovation within the SME sector, versus individual rights, if Kenya is to tap into the immense power of data on the one hand, while ensuring citizens’ privacy is protected on the other. Nevertheless, the spirit and letter of the Data Privacy and Protection Act must be upheld for this end to be achieved.
Photo credits: Freepik
[1]https://ieakenya.or.ke/download/combating-contemporary-kleptocracy-state-of-play-in-kenya/
More Blogs
Gen Z Collective Action on Taxation and Economic Policy.
Introduction The Finance Bill 2024 in Kenya sparked a wave of collective action primarily driven by Gen Z, marking a significant moment for youth engagement in Kenyan politics. This younger generation, known for their digital fluency and facing bleak economic prospects, utilised social media platforms to voice their discontent and mobilise protests against the proposed […]
Two Immediate Monetary-Framework Imperatives for Mr. Mbadi
The credibility of Monetary Policy in Kenya is compromised at present by two factors: As we anticipated mid-year, inflation is headed below the target range for the first time; The 7-member Monetary Policy Committee (MPC) has four vacancies. In light of the former prospect, the MPC reduced the Central Bank of Kenya (CBK) Policy Rate, […]
Important dates and Citizen Concerns During Budget Planning Phase for Fiscal Year 2025/2026
The Budget formulation and preparation process in Kenya is guided by a budget calendar which indicates the timelines for key activities issued in accordance with Section 36 of the Public Finance Management Act, 2012.These provide guidelines on the procedures for preparing the subsequent financial year and the Medium-Term budget forecasts. The Launch of the budget […]
Adjusted IMF Program Demands on Kenya
In the IMF WEO published yesterday, the IMF elaborated its macroeconomic framework for the ongoing IMF program. The numbers clarify how the program, derailed by the mid-year Gen-Z protests, has been adjusted to make possible the Board meeting for the combined 7th and 8th Reviews scheduled for October 30. The adjustments, unfortunately, again raise profound […]
What does the Nobel Prize in Economics 2024 mean for Constitution Implementation in Kenya?
Daron Acemoglu, Simon Johnson, and James A. Robinson won the 2024 Nobel Prize in Economics for their research on how a country’s institutions significantly impact its long-term economic success.[1] Their work emphasizes that it’s not just about a nation’s resources or technological advancements but rather the “rules of the game” that truly matter. Countries with […]
Data Privacy and Protection for SMEs in Kenya
| Post date: Mon, Feb 5, 2024 |
| Category: Data Privacy |
| By: Stephen Jairo, |
Introduction
Every year since 2007, various countries around the world come together to celebrate Data Privacy Day, observed on the 28th of January. For Kenya, this day commemoration, spearheaded by the Office of the Data Protection Commissioner, brings together Data controllers, industry players, consumers and businesses. The theme for the 2024 celebration is: ‘Fostering a Culture of Data Privacy 2024!’ It is important to note that the main aim of marking this day initially was to bring together businesses and users and raise their awareness of the importance of protecting their personal information on online platforms, i.e., on social sites. In the recent past however, this initiative has expanded to the promotion of events and activities geared towards encouraging development and compliance with data privacy laws and regulations through various multi-stakeholder engagement activities and approaches.
The Data Privacy Journey in Kenya
The Constitution of Kenya, 2010, guarantees the right to privacy as is set out in Article 31 (c & d). The clamour for privacy became apparent due to growing concerns about the unauthorised collection, use, and abuse of personal information by both government entities and private sector firms. This saw the government establish a Data Protection Taskforce in 2012, comprised of various stakeholders; – academia, civil society organizations, experts, and industry representatives. They were tasked with the development of a data privacy and protection framework for Kenya.
Consequently, the taskforce made recommendations which emphasized the need for legislation which takes into consideration individual rights on the one hand, but also leaves room for innovation and economic growth. Following this development, the Data Protection Bill was presented to Parliament in 2019, and passed into law in November of the same year, as the Data Protection Act. The Act provides for the establishment of the Office of Data Protection Commissioner (ODPC), mandated to oversee data protection in Kenya. This includes enforcing compliance, complaints handling, and imposing penalties for those found in breach.
Data Privacy& Protection for the SME Sector
According to the Act, individuals have the right to see the personal information that organizations hold about them and to ask that it be updated or deleted if needed. Additionally, the Act imposes an obligation on organizations to handle personal data responsibly, which includes getting consent from individuals, putting cybersecurity measures in place to protect against data theft or misuse, and also alerting people (especially those affected) when a data breach occurs.
One of the sectors of the Kenyan economy that heavily collects and collates data and information in their daily operation is the Small and Medium Enterprises (SMEs). Noting that it accounts for over 80 percent of total employment, whose data and information it possesses, it is therefore paramount that sector players put in place the necessary measures to ensure their consumer/customer information is protected from unauthorised access, use, and/or abuse.
The SME sector in Kenya has recently been faced with issues that hinge on the privacy of the data they have. In a policy brief titled ‘Combating Kleptocracy: State of Play in Kenya[1]”, one of the key issues that was identified is the need to “Dispel fears among the business community as to the safety of their information noting the protection by the Data Protection Act 2019.” This emanated from a diverse representation of SMEs who were sceptical as to whether to give their business information which they felt was sensitive, to the registering entity, in this case, the business registration service.
SMEs have immense and untapped potential that they can utilize to position themselves as strategic players in the dynamic landscape of the digital age. In line with challenges related to IT infrastructure and data storage, SMEs should undertake to understand how to securely store their data both locally and in other storage locations at their disposal. In addition, SMEs have not fully embraced policies that fully address privacy and security concerns, which is crucial to help in the accumulation and storage of information. This is exacerbated by the lack of adequate awareness of the provisions of the Data Protection Act, 2019, which the ODPC should embark on forthwith.
Many SMEs also do not have specific departments that are tasked with data management which may be due to budget constraints or lack of trained or expert personnel. It is important to note that the technology world is evolving, which requires SME’s to also shift gears to understand the magnitude and value of big data that they are holding, and how to leverage the same to their advantage, within the provisions of the Act.
Conclusion
As the world marks the Data Protection Day, it is noteworthy that Kenya has made a huge leap in terms of ensuring that the legal and institutional framework for data privacy and protection is in place. This, however, needs to be taken a notch higher in terms of roping in SME sector players, who not only have a massive dataset at their disposal, but also employ many individuals from whom they collect massive information. There is the need to ensure a balance is created between fostering of innovation within the SME sector, versus individual rights, if Kenya is to tap into the immense power of data on the one hand, while ensuring citizens’ privacy is protected on the other. Nevertheless, the spirit and letter of the Data Privacy and Protection Act must be upheld for this end to be achieved.
Photo credits: Freepik
[1]https://ieakenya.or.ke/download/combating-contemporary-kleptocracy-state-of-play-in-kenya/
More Blogs
Gen Z Collective Action on Taxation and Economic Policy.
Introduction The Finance Bill 2024 in Kenya sparked a wave of collective action primarily driven by Gen Z, marking a significant moment for youth engagement in Kenyan politics. This younger generation, known for their digital fluency and facing bleak economic prospects, utilised social media platforms to voice their discontent and mobilise protests against the proposed […]
Two Immediate Monetary-Framework Imperatives for Mr. Mbadi
The credibility of Monetary Policy in Kenya is compromised at present by two factors: As we anticipated mid-year, inflation is headed below the target range for the first time; The 7-member Monetary Policy Committee (MPC) has four vacancies. In light of the former prospect, the MPC reduced the Central Bank of Kenya (CBK) Policy Rate, […]
Important dates and Citizen Concerns During Budget Planning Phase for Fiscal Year 2025/2026
The Budget formulation and preparation process in Kenya is guided by a budget calendar which indicates the timelines for key activities issued in accordance with Section 36 of the Public Finance Management Act, 2012.These provide guidelines on the procedures for preparing the subsequent financial year and the Medium-Term budget forecasts. The Launch of the budget […]
Adjusted IMF Program Demands on Kenya
In the IMF WEO published yesterday, the IMF elaborated its macroeconomic framework for the ongoing IMF program. The numbers clarify how the program, derailed by the mid-year Gen-Z protests, has been adjusted to make possible the Board meeting for the combined 7th and 8th Reviews scheduled for October 30. The adjustments, unfortunately, again raise profound […]
What does the Nobel Prize in Economics 2024 mean for Constitution Implementation in Kenya?
Daron Acemoglu, Simon Johnson, and James A. Robinson won the 2024 Nobel Prize in Economics for their research on how a country’s institutions significantly impact its long-term economic success.[1] Their work emphasizes that it’s not just about a nation’s resources or technological advancements but rather the “rules of the game” that truly matter. Countries with […]