I am a qualified Certified International Privacy Professional (Europe) and Kenya’s first lawyer to gain this coveted badge. A CIPP/E is Privacy’s premier European data protection certification. The credential shows one has the comprehensive data protection and GDPR knowledge, perspective and understanding to ensure compliance and data protection success.
The Kenya Data Protection Act 2019 (DPA) was signed into law in 2019 and is similar to the European General Data Protection Regulation (GDPR). The DPA and GDPR are among the strictest data protection laws globally. As most businesses and organisations process personal data, it is likely that the DPA and, if you are a multinational company, GDPR will also apply to you.
I use secure cloud-based legal technology to provide customised data protection solutions to my clients. I strive to build and foster long-term relationships and regularly keep my clients informed of new developments, specifically in relation to this area of privacy law and data protection. Please find below a detailed list of data protection and privacy services I provide.
Whether it is data protection for individuals or businesses, I will make the process effective, efficient and simple so you can be assured of top service at all times.
Services under DPA and GDPR
Data protection laws and obligations applicable to the client under the GDPR and the Kenya Data Protection Act 2019 (DPA 2019).
- Explanation of principles of data protection under the DPA 2019.
- Data subject rights.
- Obtaining consents from data subjects.
- Responding to data subject requests.
- Handling complaints and procedure.
Privacy Assessment (PA)
A privacy assessment measures an organisation’s compliance with laws, regulations, adopted standards and internal policies and procedures.
- Data mapping and information flow.
- Assessment of what information is used, what it is used for, who it is obtained from and disclosed to, who will have access and any other necessary information.
- Identifying privacy and related risks arising from data mapping and assessment.
- Organisational risk (reputational, financial or data breach).
- Individual risk (security breach or damage caused by inaccurate data or security breach).
- Identifying and evaluating the privacy solutions.
- Addressing each identified risk with a view to eliminating or reducing the risk.
- Signing off and recording the PA outcomes.
- PA report for assessment and risk identification.
- Privacy risks signed off at each level of organisation.
Integrating the outcomes into the organisation’s working practices in Kenya.
Review of contracts with clients, data processors, employees and other third parties.
The Kenya DPA 2019 imposes a legal obligation on controllers and processors to formalise their working relationship.
- Assessing and vetting each controller, vendor and third party with whom the client has contracts to ensure sufficient guarantees about the implementation of appropriate technical and organisational measures for compliance with the DPA.
- Reviewing existing contracts to determine the risk areas and areas of non-compliance.
Reviewing and drafting of the following policies and notices for the client.
- Privacy notices and policies.
- Employee policies.
- Data retention and destruction policies.
- Implementing policies and monitoring compliance.
Training will include creating awareness internally within the organisation and externally with other stakeholders.
- Internal training – Identifying each department to be trained (marketing, HR, accounts) within the organisation.
- External training – Providing training for third parties or vendors of the clients and generally through brand marketing.
If you need further assistance beyond my typical services, I can tailor my services to suit your organisation. Please contact me to discuss your legal requirements.