The Office of the Data Protection Commissioner (ODPC) approved an additional 505 data handlers over the three months ending August. This means there are now 2,808 approved data handlers, up from 2,303 at the close of May.
The registration of data handlers commenced on July 14 last year after the Parliament enacted regulations requiring all entities handling personal information to register as data processors and controllers.
Read: Watchdog certifies 1400 entities as data handlers
The rules include the Data Protection (General) Regulations 2021, the Data Protection (Complaints Handling and Enforcement Procedures) Regulations, 2021, and the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021.
In January, Data Protection Commissioner Immaculate Kassait unveiled the data protection registration system that allowed applicants to take charge of the registration to speed up compliance.
Before the launch of the system, only 1,417 entities had been certified in a six-and-a-half-month registration drive. The system allows eligible entities to go to the ODPC website, apply for registration, have their documents verified, and have a digital certificate issued, with registration costs ranging between Sh4,000 and Sh40,000.
Firms found to be in breach of the enacted rules are liable to fines of not more than Sh5 million or up to one percent of their annual turnover.
Organisations with an annual turnover of less than Sh5 million or less than 10 staff have been exempted from registration.
The legislative intervention came on the backdrop of increased complaints about the lack of data protection laws coupled with abuse of personal information especially by among others, digital lenders, political parties, and human resource (HR) managers.
Among the entities targeted include telecommunications firms, digital ride-hailing service providers, building managers, and businesses operating CCTV, dispensaries, and primary and secondary schools.
Ms Kassait had marked 13 sectors for mandatory registration including processors of genetic data like medical research companies and medical labs, bars, restaurants, and healthcare providers.
Read: Data protection trends, enforcement in Kenya
Others on the list were law firms, property managers, real estate agencies, and financial service providers such as digital lenders, Saccos, and mobile money agents.
→ [email protected]
(This article is generated through the syndicated feed sources, Financetin doesn’t own any part of this article)