Session Leader: Stanley Chege, Group CIO – Jubilee Insurance

Session Title: Implications of the Data Protection Act of 2019 (DPA 2019).

Synopsis:

The steadily growing value of data has not been lost in Kenya. It is due to the increasingly sensitive nature of data and vast amounts of collected information that the country, through its policy and lawmakers, decided to put in place a law (DPA 2019) that will guide entities on the collection, processing, storage, use and dissemination of individual’s personal data.

The president assented to the Data Protection Bill 2019 on November 8th, 2019 by to become the Data Protection Act, No. 24 of 2019. The creation of the Act meant that there was now a singular consolidated statute dealing with data related issues such as mass collection of information by the government or widespread privacy breaches by private corporations, rather than the fragmented and piecemeal provisions scattered in various statutes.

Intersection of Data and the Law:

The Act was created to serve four major purposes:

1. To give effect to Article 31 of the Constitution;
2. To establish the office of the Data Commissioner;
3. To regulate the processing of personal data; and
4. To provide the rights of data subjects and obligations of data controllers and processors.

During the end user and IT Leader only session we will debate the implications, adaptions and impact of DPA 2019