Navigating Kenya’s Data Protection Law: Is Your Visitor Management Compliant?
Is Your Visitor Management Aligned with Kenya’s Data Protection Law?
Following the enactment of the Data Protection Law (DPL) and the establishment of the Office of the Data Protection Commissioner (ODPC), the Data Protection (General) Regulations, 2021 are now in full force. These regulations apply to all businesses that handle personal data in Kenya. This is evidenced by the recent action by the ODPC to issue penalty notices to several data controllers for failing to observe the data privacy rights of data subjects and to comply with the Data Protection Law.
Data Protection Law Compliance:
The Data Protection Law and its Regulations define rights for data subjects and responsibilities for data controllers, processors, and third parties handling personal data. This legal framework requires organizations to review their data management practices, including visitor management.
Entities are expected to comply with the DPL by implementing data protection principles and safeguards that ensure the processing of personal data complies with the provisions of the Act. Failure to comply with the Act will result in the institution of enforcement procedures.
Visitor Data Compliance Risks:
Many organizations still use manual visitor registration methods like Visitor Books, which now pose compliance risks under the new laws.
Compliance with the Data Protection Law is essential, with significant penalties for violations. Fines of up to KES 5 million (approx. USD 50,000) or 1% of annual turnover can be imposed for non-compliance, and failure to comply with the Commissioner’s orders is considered an offense. Data subjects can also seek compensation for damages.
DPL Compliance Requirements for Visitor Management:
- Use visible signage for automated registration systems to explain the purposes of data collection and the relevant supporting legal frameworks.
- Be transparent about data collection intentions and use; store data only for necessary periods, restrict access to authorized individuals, and implement security measures like encryption and passwords.
- Lawfulness
- Fairness
- Transparency